├── .github
└── FUNDING.yml
├── .gitignore
├── Build
├── API.js
├── Apiset.json
├── UserDB_TODO.TXT
├── hooks
│ ├── API.d.ts
│ ├── ApiHook.d.ts
│ ├── address.js
│ ├── advapi32.js
│ ├── c_runtime.js
│ ├── const.js
│ ├── crtdll.js
│ ├── gdi32.js
│ ├── kernek32_strings.js
│ ├── kernel32.js
│ ├── kernel32_desktop.js
│ ├── kernel32_files.js
│ ├── kernel32_processes.js
│ ├── kernel32_self.js
│ ├── kernel32_threads.js
│ ├── kernelbase.js
│ ├── lpk.js
│ ├── msvcrt.js
│ ├── ntdll.js
│ ├── ole32.js
│ ├── powrprof.js
│ ├── shell32.js
│ ├── shlwapi.js
│ ├── urlmon.js
│ ├── user32.js
│ ├── uxtheme.js
│ ├── winhttp.js
│ ├── wininet.js
│ ├── ws2_32.js
│ └── wtsapi32.js
└── libraries
│ ├── linux
│ ├── libZydis.a
│ └── libunicorn.so
│ ├── osx
│ ├── libZydis.a
│ └── libunicorn.dylib
│ ├── win32
│ ├── libZydis32.a
│ ├── quickjs32.dll
│ └── unicorn32.dll
│ └── win64
│ ├── libZydis64.a
│ └── unicorn64.dll
├── Cmulator.lpi
├── Cmulator.lps
├── Cmulator.pas
├── Cmulator.rar
├── Cmulator_ty.rar
├── Core
├── Crypto
│ └── xxhash.pas
├── GUI
│ └── gui.pas
├── JSON
│ ├── .gitignore
│ ├── superobject.pas
│ ├── supertypes.pas
│ └── superxmlparser.pas
├── PE
│ ├── .gitignore
│ ├── NullStream.pas
│ ├── PE.Build.Common.pas
│ ├── PE.Build.Export.pas
│ ├── PE.Build.Import.pas
│ ├── PE.Build.Relocs.pas
│ ├── PE.Build.Resource.pas
│ ├── PE.Build.pas
│ ├── PE.COFF.Types.pas
│ ├── PE.COFF.pas
│ ├── PE.Common.pas
│ ├── PE.DataDirectories.pas
│ ├── PE.ExecutableLoader.pas
│ ├── PE.ExportSym.pas
│ ├── PE.FileHeaderToStr.pas
│ ├── PE.Headers.pas
│ ├── PE.ID.pas
│ ├── PE.Image.Defaults.pas
│ ├── PE.Image.Saving.pas
│ ├── PE.Image.pas
│ ├── PE.Image.x86.pas
│ ├── PE.Imports.Func.pas
│ ├── PE.Imports.Lib.pas
│ ├── PE.Imports.pas
│ ├── PE.MemoryStreamxxx.pas
│ ├── PE.Msg.pas
│ ├── PE.Parser.Export.pas
│ ├── PE.Parser.Headers.pas
│ ├── PE.Parser.Import.pas
│ ├── PE.Parser.ImportDelayed.pas
│ ├── PE.Parser.PData.pas
│ ├── PE.Parser.Relocs.pas
│ ├── PE.Parser.Resources.pas
│ ├── PE.Parser.TLS.pas
│ ├── PE.ParserCallbacks.pas
│ ├── PE.ProcessModuleStreamxxx.pas
│ ├── PE.RTTI.pas
│ ├── PE.Resources.Extract.pas
│ ├── PE.Resources.VersionInfo.pas
│ ├── PE.Resources.Windows.Bitmap.pas
│ ├── PE.Resources.Windows.Strings.pas
│ ├── PE.Resources.Windows.pas
│ ├── PE.Resources.pas
│ ├── PE.Search.pas
│ ├── PE.Section.pas
│ ├── PE.Sections.pas
│ ├── PE.TLS.pas
│ ├── PE.Types.DOSHeader.pas
│ ├── PE.Types.Directories.pas
│ ├── PE.Types.Export.pas
│ ├── PE.Types.FileHeader.pas
│ ├── PE.Types.Imports.pas
│ ├── PE.Types.ImportsDelayed.pas
│ ├── PE.Types.NTHeaders.pas
│ ├── PE.Types.OptionalHeader.pas
│ ├── PE.Types.Relocations.inc
│ ├── PE.Types.Relocations.pas
│ ├── PE.Types.Resources.pas
│ ├── PE.Types.Sections.inc
│ ├── PE.Types.Sections.pas
│ ├── PE.Types.TLS.pas
│ ├── PE.Types.pas
│ ├── PE.Utils.pas
│ ├── README.md
│ ├── VerRsrc.inc
│ ├── WinHelper.pas
│ ├── gmap.pas
│ └── grbtree.pas
├── QJS
│ └── quickjs.pas
├── Zydis
│ ├── Generated
│ │ ├── Zydis.Enum.ISAExt.inc
│ │ ├── Zydis.Enum.ISASet.inc
│ │ ├── Zydis.Enum.InstructionCategory.inc
│ │ ├── Zydis.Enum.Mnemonic.inc
│ │ └── Zydis.Enum.Register.inc
│ ├── Zydis.Decoder.pas
│ ├── Zydis.Exception.pas
│ ├── Zydis.Formatter.pas
│ └── Zydis.pas
├── besenunits.inc
├── emu.pas
├── fnhook.pas
├── generics_collections
│ ├── .gitignore
│ ├── Makefile
│ ├── Makefile.fpc
│ ├── README.md
│ ├── fpmake.pp
│ └── src
│ │ ├── generics.collections.pas
│ │ ├── generics.defaults.pas
│ │ ├── generics.hashes.pas
│ │ ├── generics.helpers.pas
│ │ ├── generics.memoryexpanders.pas
│ │ ├── generics.strings.pas
│ │ └── inc
│ │ ├── generics.dictionaries.inc
│ │ └── generics.dictionariesh.inc
├── globals.pas
├── interactive.pas
├── jsemuobj.pas
├── jsplugins_engine.pas
├── memmanager.pas
├── nativehooks.pas
├── pe_loader.pas
├── pesp
│ ├── .gitignore
│ ├── LICENSE
│ ├── PseCmn.pas
│ ├── PseDebugInfo.pas
│ ├── PseElf.pas
│ ├── PseElfFile.pas
│ ├── PseElfLoader.pas
│ ├── PseExportTable.pas
│ ├── PseFile.pas
│ ├── PseImgLoader.pas
│ ├── PseImportTable.pas
│ ├── PseLibFile.pas
│ ├── PseMapFileReader.pas
│ ├── PseMz.pas
│ ├── PseMzFile.pas
│ ├── PseNe.pas
│ ├── PseNeFile.pas
│ ├── PseObjFile.pas
│ ├── PsePe.pas
│ ├── PsePeFile.pas
│ ├── PsePeLoader.pas
│ ├── PseRawFile.pas
│ ├── PseResource.pas
│ ├── PseSection.pas
│ ├── PseVirtMem.pas
│ ├── README.md
│ ├── pse.dpr
│ ├── pse.dproj
│ ├── pse.lpi
│ └── pse.res
├── process
│ └── ethreads.pas
├── segments.pas
├── struct.inc
├── struct.pas
├── tep_peb.pas
├── unicorn
│ ├── Arm64Const.pas
│ ├── ArmConst.pas
│ ├── M68kConst.pas
│ ├── MipsConst.pas
│ ├── SparcConst.pas
│ ├── UnicornConst.pas
│ ├── Unicorn_dyn.pas
│ └── X86Const.pas
└── utils.pas
├── LICENSE
├── README.md
├── docs.md
├── logo.png
├── memmanager.pas
└── samples
├── AntiDbgx32.exe
├── AntiDbgx32.idb
├── AntiDbgx64.exe
├── AntiDebugDownloader.exe
├── AntiEmu
└── blue.exe
├── BinaryCollection
├── Chapter_10L
│ ├── Lab10-01.exe
│ ├── Lab10-01.sys
│ ├── Lab10-02.exe
│ ├── Lab10-03.exe
│ └── Lab10-03.sys
├── Chapter_11L
│ ├── Lab11-01.exe
│ ├── Lab11-02.dll
│ ├── Lab11-02.ini
│ ├── Lab11-03.dll
│ └── Lab11-03.exe
├── Chapter_12L
│ ├── Lab12-01.dll
│ ├── Lab12-01.exe
│ ├── Lab12-02.exe
│ ├── Lab12-03.exe
│ └── Lab12-04.exe
├── Chapter_13L
│ ├── Lab13-01.exe
│ ├── Lab13-02.exe
│ └── Lab13-03.exe
├── Chapter_14L
│ ├── Lab14-01.exe
│ ├── Lab14-02.exe
│ └── Lab14-03.exe
├── Chapter_15L
│ ├── Lab15-01.exe
│ ├── Lab15-02.exe
│ └── Lab15-03.exe
├── Chapter_16L
│ ├── Lab16-01.exe
│ ├── Lab16-02.exe
│ └── Lab16-03.exe
├── Chapter_17L
│ ├── Lab17-01.exe
│ ├── Lab17-02.dll
│ ├── Lab17-03.exe
│ └── findAntiVM.py
├── Chapter_18L
│ ├── Lab18-01.exe
│ ├── Lab18-02.exe
│ ├── Lab18-03.exe
│ ├── Lab18-04.exe
│ └── Lab18_05.exe
├── Chapter_19L
│ ├── Lab19-01.bin
│ ├── Lab19-02.exe
│ ├── Lab19-03.pdf
│ ├── Lab19-03_sc.bin
│ └── shellcode_launcher.exe
├── Chapter_1L
│ ├── Lab01-01.dll
│ ├── Lab01-01.exe
│ ├── Lab01-02.exe
│ ├── Lab01-03.exe
│ └── Lab01-04.exe
├── Chapter_20L
│ ├── Lab20-01.exe
│ ├── Lab20-02.exe
│ ├── Lab20-03.exe
│ └── config.dat
├── Chapter_21L
│ ├── Lab21-01.exe
│ └── Lab21-02.exe
├── Chapter_3L
│ ├── Lab03-01.exe
│ ├── Lab03-02.dll
│ ├── Lab03-03.exe
│ └── Lab03-04.exe
├── Chapter_5L
│ ├── Lab05-01.dll
│ └── Lab05-01.py
├── Chapter_6L
│ ├── Lab06-01.exe
│ ├── Lab06-02.exe
│ ├── Lab06-03.exe
│ └── Lab06-04.exe
├── Chapter_7L
│ ├── Lab07-02.exe
│ ├── Lab07-03.dll
│ ├── Lab07-03.exe
│ └── Lab07_01.exe
└── Chapter_9L
│ ├── DLL1.dll
│ ├── DLL2.dll
│ ├── DLL3.dll
│ ├── Lab09-01.exe
│ ├── Lab09-02.exe
│ └── Lab09-03.exe
├── Corkami_tests
└── bin
│ ├── 65535sects.exe
│ ├── 96emptysections.exe
│ ├── 96workingsections.exe
│ ├── appendeddata.exe
│ ├── appendedhdr.exe
│ ├── appendedsecttbl.exe
│ ├── apphdrW7.exe
│ ├── appsectableW7.exe
│ ├── aslr-ld.exe
│ ├── aslr.dll
│ ├── bigSoRD.exe
│ ├── bigalign.exe
│ ├── bigib.exe
│ ├── bigsec.exe
│ ├── bin.sha
│ ├── bottomsecttbl.exe
│ ├── cfgbogus.exe
│ ├── compiled.exe
│ ├── copyright.exe
│ ├── ctxt-ld.exe
│ ├── ctxt.dll
│ ├── d_nonnull-ld.exe
│ ├── d_nonnull.dll
│ ├── d_resource-ld.exe
│ ├── d_resource.dll
│ ├── d_tiny-ld.exe
│ ├── d_tiny.dll
│ ├── ddsect.exe
│ ├── debug.exe
│ ├── delaycorrupt.exe
│ ├── delayfake.exe
│ ├── delayimports.exe
│ ├── dep.exe
│ ├── dll-dynld.exe
│ ├── dll-dynunicld.exe
│ ├── dll-ld.exe
│ ├── dll-webdavld.exe
│ ├── dll.dll
│ ├── dllbound-ld.exe
│ ├── dllbound-redirld.exe
│ ├── dllbound-redirldXP.exe
│ ├── dllbound.dll
│ ├── dllbound2.dll
│ ├── dllcfgdup-dynld.exe
│ ├── dllcfgdup.dll
│ ├── dllemptyexp-ld.exe
│ ├── dllemptyexp.dll
│ ├── dllextep-ld.exe
│ ├── dllextep.dll
│ ├── dllfakess-dynld.exe
│ ├── dllfakess-ld.exe
│ ├── dllfakess.dll
│ ├── dllfw-ld.exe
│ ├── dllfw.dll
│ ├── dllfwloop-ld.exe
│ ├── dllfwloop.dll
│ ├── dllmaxvals-dynld.exe
│ ├── dllmaxvals-ld.exe
│ ├── dllmaxvals.dll
│ ├── dllnegep-ld.exe
│ ├── dllnegep.dll
│ ├── dllnoexp-dynld.exe
│ ├── dllnoexp.dll
│ ├── dllnomain-ld.exe
│ ├── dllnomain.dll
│ ├── dllnomain2-dynld.exe
│ ├── dllnomain2.dll
│ ├── dllnoreloc-ld.exe
│ ├── dllnoreloc.dll
│ ├── dllnullep-dynld.exe
│ ├── dllnullep-ld.exe
│ ├── dllnullep.dll
│ ├── dllord-ld.exe
│ ├── dllord.dll
│ ├── dllweirdexp-ld.exe
│ ├── dllweirdexp.dll
│ ├── dosZMXP.exe
│ ├── dotnet20.exe
│ ├── driver.sys
│ ├── dump_imports.exe
│ ├── duphead.exe
│ ├── dupsec.exe
│ ├── exceptions.exe
│ ├── exe2pe.exe
│ ├── exportobf.exe
│ ├── exports_doc.exe
│ ├── exports_order.exe
│ ├── exportsdata.exe
│ ├── fakenet.exe
│ ├── fakeregs.exe
│ ├── fakeregslib.dll
│ ├── fakerelocs.exe
│ ├── fixsum.py
│ ├── foldedhdr.exe
│ ├── foldedhdrW7.exe
│ ├── footer.exe
│ ├── gui.exe
│ ├── hard_imports.exe
│ ├── hdrcode.exe
│ ├── hdrdata.exe
│ ├── hiddenappdata1.exe
│ ├── hiddenappdata2.exe
│ ├── ibkernel.exe
│ ├── ibkmanual.exe
│ ├── ibknoreloc64.exe
│ ├── ibnullXP.exe
│ ├── ibreloc.exe
│ ├── ibrelocW7.exe
│ ├── impbyord.exe
│ ├── imports.exe
│ ├── imports_apimsW7.exe
│ ├── imports_badterm.exe
│ ├── imports_bogusIAT.exe
│ ├── imports_corruptedIAT.exe
│ ├── imports_iatindesc.exe
│ ├── imports_mixed.exe
│ ├── imports_multidesc.exe
│ ├── imports_nnIAT.exe
│ ├── imports_noext.exe
│ ├── imports_noint.exe
│ ├── imports_nothunk.exe
│ ├── imports_relocW7.exe
│ ├── imports_tinyW7.exe
│ ├── imports_tinyXP.exe
│ ├── imports_virtdesc.exe
│ ├── imports_vterm.exe
│ ├── importsdotXP.exe
│ ├── importshint.exe
│ ├── ldrsnaps.exe
│ ├── ldrsnaps64.exe
│ ├── lfanew_relocW7.exe
│ ├── lfanew_relocXP.exe
│ ├── lowaldiff.exe
│ ├── lowsubsys.exe
│ ├── makefile
│ ├── manifest.exe
│ ├── manifest_broken.exe
│ ├── manifest_bsod.exe
│ ├── manyimportsW7.exe
│ ├── maxsecW7.exe
│ ├── maxsecXP.exe
│ ├── maxsec_lowaligW7.exe
│ ├── maxvals.exe
│ ├── memshared-ld.exe
│ ├── memshared.dll
│ ├── mini.exe
│ ├── mscoree.exe
│ ├── multiss.exe
│ ├── multiss.py
│ ├── multiss_con.exe
│ ├── multiss_drv.sys
│ ├── multiss_gui.exe
│ ├── mz.exe
│ ├── namedresource.exe
│ ├── no0code.exe
│ ├── no_dd.exe
│ ├── no_dd64.exe
│ ├── no_dep.exe
│ ├── no_seh.exe
│ ├── normal.exe
│ ├── normal64.exe
│ ├── nosectionW7.exe
│ ├── nosectionXP.exe
│ ├── nothing-ld.exe
│ ├── nothing.dll
│ ├── nullEP.exe
│ ├── nullSOH-XP.exe
│ ├── nullvirt.exe
│ ├── ownexports.exe
│ ├── ownexports2.exe
│ ├── ownexportsdot.exe
│ ├── pdf.exe
│ ├── pdf_zip_pe.exe
│ ├── quine.exe
│ ├── reloc4.exe
│ ├── reloc9.exe
│ ├── relocOSdet.exe
│ ├── reloccrypt.exe
│ ├── reloccryptW8.exe
│ ├── reloccryptXP.exe
│ ├── relocsstripped.exe
│ ├── relocsstripped64.exe
│ ├── reshdr.exe
│ ├── resource.exe
│ ├── resource2.exe
│ ├── resource_icon.exe
│ ├── resource_string.exe
│ ├── resourceloop.exe
│ ├── safeseh.exe
│ ├── safeseh_fly.exe
│ ├── sc.exe
│ ├── secinsec.exe
│ ├── seh_change64.exe
│ ├── shuffledsect.exe
│ ├── signature.exe
│ ├── skippeddynbase.exe
│ ├── slackspace.exe
│ ├── ss63.exe
│ ├── ss63nocookie.exe
│ ├── standard.exe
│ ├── test.bat
│ ├── test.txt
│ ├── testW7-32.bat
│ ├── testW7-32.txt
│ ├── testW7-64.bat
│ ├── testW7-64.txt
│ ├── testW8.bat
│ ├── testXP.bat
│ ├── testxp.txt
│ ├── tiny.exe
│ ├── tinyW7.exe
│ ├── tinyW7_3264.exe
│ ├── tinyW7x64.exe
│ ├── tinyXP.exe
│ ├── tinydll-ld.exe
│ ├── tinydll.dll
│ ├── tinydllXP-ld.exe
│ ├── tinydllXP.dll
│ ├── tinydrivXP.sys
│ ├── tinygui.exe
│ ├── tinynet.exe
│ ├── tls.exe
│ ├── tls64.exe
│ ├── tls_aoi.exe
│ ├── tls_aoiOSDET.exe
│ ├── tls_exiting.exe
│ ├── tls_import.exe
│ ├── tls_k32.exe
│ ├── tls_noEP.exe
│ ├── tls_obfuscation.exe
│ ├── tls_onthefly.exe
│ ├── tls_reloc.exe
│ ├── tls_virtEP.exe
│ ├── truncatedlast.exe
│ ├── truncsectbl.exe
│ ├── version_cust.exe
│ ├── version_mini.exe
│ ├── version_std.exe
│ ├── virtEP.exe
│ ├── virtgap.exe
│ ├── virtrelocXP.exe
│ ├── virtsectblXP.exe
│ ├── weirdsord.exe
│ └── winver.exe
├── Downloader.exe
├── Int3Hook.exe
├── MessageBox_x64.exe
├── PEB_MSGBOX.exe
├── Shellcodes
├── MsgBox64.sc
├── URLDownloadToFile.sc
├── Wincalc.sc
├── ZUrlDownloadToFile.sc
├── down_exec64.sc
├── sc_samples
│ ├── UnhandledExceptionFilter.sc
│ ├── UrlDownloadToFile.sc
│ ├── alloc_hook_patch.sc
│ ├── calc.sc
│ ├── codbot.sc
│ ├── countdown.sc
│ ├── dropz.sc
│ ├── getpc_1.sc
│ ├── getpc_2.sc
│ ├── msgbox.sc
│ ├── msgbox2.sc
│ ├── pop_XXXX.sc
│ ├── recv_cmd.sc
│ ├── recvfile.sc
│ ├── seh_winexec.sc
│ ├── shellexec.sc
│ ├── tftp.sc
│ └── vncdll.sc
└── tm.sc
├── case.exe
├── case_packed_fsg.exe
├── cpuid.exe
├── dropper.exe
├── mal.exe
├── malxx.exe
├── obfuscated
├── obfuscated.exe
├── original.exe
├── readme.txt
├── source.asm
└── w00t.exe
├── real
└── ArtraDownloader
├── small.exe
└── url.exe
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | github: [Coldzer0]
2 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 |
3 | *.dSYM
4 |
5 | # Delphi compiler-generated binaries (safe to delete)
6 | *.bpl
7 | *.bpi
8 | *.dcp
9 | *.apk
10 | *.drc
11 | *.map
12 | *.dres
13 | *.rsm
14 | *.tds
15 | *.dcu
16 | *.lib
17 | *.o
18 | *.ocx
19 | *.zip
20 |
21 |
22 | # Delphi autogenerated files (duplicated info)
23 | *.cfg
24 | *.hpp
25 | *Resource.rc
26 |
27 | # Delphi local files (user-specific info)
28 | *.local
29 | *.identcache
30 | *.projdata
31 | *.tvsconfig
32 | *.dsk
33 |
34 | # Delphi history , Build and backups
35 | lib
36 | backup
37 | __history/
38 | __recovery/
39 | *.~*
40 |
41 | # Castalia statistics file (since XE7 Castalia is distributed with Delphi)
42 | *.stat
43 | *.bak
44 |
45 | # unwanted folders :D
46 | samples/VMProtect
47 | PEParser
48 | Core/Duktabe
49 | unicorn-engine-pascal
50 | CTF
51 | GDT
52 | win_dlls
53 | Build/OSX
54 | Build/linux
55 | Build/win
56 | samples/Flare7_Challenges/
57 | samples/real/
58 | *.a
59 | *.so
60 | *.DS_Store
61 | *.idb
--------------------------------------------------------------------------------
/Build/API.js:
--------------------------------------------------------------------------------
1 | // this's a global format function
2 |
3 | String.prototype.format = function () {
4 | "use strict";
5 | var str = this.toString();
6 | if (arguments.length) {
7 | var t = typeof arguments[0];
8 | var key;
9 | var args = ("string" === t || "number" === t) ?
10 | Array.prototype.slice.call(arguments) :
11 | arguments[0];
12 |
13 | for (key in args) {
14 | str = str.replace(new RegExp("\\{" + key + "\\}", "gi"), args[key]);
15 | }
16 | }
17 |
18 | return str;
19 | };
20 |
21 | String.prototype.contains = function (segment, ignoreCase) {
22 |
23 | if (ignoreCase) {
24 | return this.toLowerCase().indexOf(segment.toLowerCase()) !== -1;
25 | }
26 | return this.indexOf(segment) !== -1;
27 | };
28 |
29 | Array.prototype.inList=function(value,ignoreCase){
30 |
31 | for (var i = 0; i < this.length; i++) {
32 | if (value.contains(this[i],ignoreCase)) {
33 | return true;
34 | }
35 | }
36 | return false;
37 | }
38 |
39 | importScripts(
40 | 'hooks/const.js',
41 | 'hooks/ntdll.js',
42 | 'hooks/kernelbase.js',
43 | 'hooks/kernel32.js',
44 | 'hooks/kernel32_self.js',
45 | 'hooks/kernel32_files.js',
46 | 'hooks/kernel32_desktop.js',
47 | 'hooks/kernel32_threads.js',
48 | 'hooks/kernek32_strings.js',
49 | 'hooks/kernel32_processes.js',
50 | 'hooks/user32.js',
51 | 'hooks/advapi32.js',
52 | 'hooks/shell32.js',
53 | 'hooks/shlwapi.js',
54 | 'hooks/urlmon.js',
55 | 'hooks/ws2_32.js',
56 | 'hooks/winhttp.js',
57 | 'hooks/msvcrt.js',
58 | 'hooks/c_runtime.js',
59 | 'hooks/wtsapi32.js',
60 | 'hooks/uxtheme.js',
61 | 'hooks/ole32.js',
62 | 'hooks/lpk.js',
63 | 'hooks/crtdll.js',
64 | 'hooks/powrprof.js',
65 | 'hooks/gdi32.js',
66 | 'hooks/wininet.js'
67 | );
68 |
69 | // put custom scripts here :D
70 | importScripts('hooks/address.js');
71 |
72 |
73 |
--------------------------------------------------------------------------------
/Build/UserDB_TODO.TXT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/UserDB_TODO.TXT
--------------------------------------------------------------------------------
/Build/hooks/API.d.ts:
--------------------------------------------------------------------------------
1 | declare interface String {
2 | format(val : object): string;
3 | format(...args: any[]): string;
4 | }
5 |
--------------------------------------------------------------------------------
/Build/hooks/ApiHook.d.ts:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | *
4 | * @interface EmuAPI
5 | */
6 | declare interface EmuAPI {
7 |
8 |
9 |
10 | /**
11 | * Is Current PE x64 .
12 | *
13 | * @type {boolean}
14 | * @memberof EmuAPI
15 | */
16 | public isx64 : boolean;
17 |
18 | /**
19 | * Read X86 Register
20 | *
21 | * @param {number} Register - REG_{RegName}
22 | * @memberof EmuAPI
23 | */
24 | public ReadReg(Register : number) : number;
25 |
26 |
27 | /**
28 | *
29 | * Set Register Value .
30 | *
31 | * @param {number} Register
32 | * @param {number} Value
33 | * @returns {boolean}
34 | * @memberof EmuAPI
35 | */
36 | public SetReg(Register : number, Value : number) : boolean;
37 |
38 | /**
39 | * return the top of Stack
40 | * and Add 4 or 8 to Stack Pointer
41 | *
42 | * @returns {number}
43 | * @memberof EmuAPI
44 | */
45 | public pop() : number;
46 |
47 | /**
48 | * Strop the Cmulator .
49 | *
50 | * @memberof EmuAPI
51 | */
52 | public Stop(); void;
53 | }
54 |
55 | /**
56 | *
57 | *
58 | * @class ApiHook
59 | */
60 | declare class ApiHook{
61 |
62 | /**
63 | *Creates an instance of ApiHook.
64 | * @memberof ApiHook
65 | */
66 | constructor();
67 |
68 |
69 | /**
70 | *
71 | *
72 | * @param {EmuAPI} Emu
73 | * @param {number} Address
74 | * @returns {boolean}
75 | * @memberof ApiHook
76 | */
77 | public OnCallBack: (Emu: EmuAPI, Address: number) => boolean;
78 |
79 |
80 | /**
81 | *
82 | *
83 | * @param {string} LibraryName
84 | * @param {string} ApiName
85 | * @returns {boolean}
86 | * @memberof ApiHook
87 | */
88 | public install(LibraryName: string, ApiName: string): boolean;
89 | /**
90 | *
91 | *
92 | * @param {string} LibraryName
93 | * @param {number} Ordinal
94 | * @returns {boolean}
95 | * @memberof ApiHook
96 | */
97 | public install(LibraryName: string, Ordinal : number): boolean;
98 |
99 | }
100 |
--------------------------------------------------------------------------------
/Build/hooks/address.js:
--------------------------------------------------------------------------------
1 | var addr_hook_example = new ApiHook();
2 | addr_hook_example.OnCallBack = function () {
3 |
4 | info('EDI = ',Emu.ReadReg(REG_EDI).toString(16))
5 | info('ESI = ',Emu.ReadReg(REG_ESI).toString(16))
6 | info('Module : ',Emu.ReadStringA(Emu.ReadReg(REG_EAX)))
7 |
8 | return true;
9 | };
10 |
11 | addr_hook_example.install(0x401369);
12 |
--------------------------------------------------------------------------------
/Build/hooks/c_runtime.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 |
4 | // var exit = new ApiHook();
5 | // exit.OnCallBack = function (Emu, API,ret) {
6 |
7 | // Emu.Stop();
8 |
9 | // error('0x{0} : {1}'.format(
10 | // ret.toString(16),
11 | // API.name
12 | // ));
13 |
14 | // return true; // true if you handle it false if you want Emu to handle it and set PC .
15 | // };
16 | // exit.install('api-ms-win-crt-runtime-l1-1-0.dll', 'exit');
17 | // exit.install('api-ms-win-crt-runtime-l1-1-0.dll', '_exit');
18 |
19 | /*
20 | ###################################################################################################
21 | ###################################################################################################
22 | */
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/Build/hooks/crtdll.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 |
9 | var strcat = new ApiHook();
10 |
11 | strcat.OnCallBack = function (Emu, API, ret) {
12 |
13 | // i think implementing this in JS is a bit hard so
14 | // just let the library handle it :D
15 | info('[!] just let the library handle it :D');
16 | return true;
17 | };
18 | strcat.install('crtdll.dll', 'strcat');
19 |
20 |
21 | /*
22 | ###################################################################################################
23 | ###################################################################################################
24 | */
25 |
26 |
27 | var __GetMainArgs = new ApiHook();
28 |
29 | __GetMainArgs.OnCallBack = function (Emu, API, ret) {
30 |
31 | // i think implementing this in JS is a bit hard so
32 | // just let the library handle it :D
33 | info('[!] just let the library handle it :D');
34 | return true;
35 | };
36 | __GetMainArgs.install('crtdll.dll', '__GetMainArgs');
--------------------------------------------------------------------------------
/Build/hooks/gdi32.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var GetPath = new ApiHook();
9 | /*
10 | int GetPath(
11 | HDC hdc,
12 | LPPOINT apt,
13 | LPBYTE aj,
14 | int cpt
15 | );
16 | */
17 | GetPath.OnCallBack = function (Emu, API, ret) {
18 |
19 | Emu.pop(); // pop return address ..
20 |
21 | var hdc = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
22 | var apt = Emu.isx64 ? Emu.ReadReg(REG_EDX) : Emu.pop();
23 | var aj = Emu.isx64 ? Emu.ReadReg(REG_R8) : Emu.pop();
24 | var cpt = Emu.isx64 ? Emu.ReadReg(REG_R9) : Emu.pop();
25 |
26 | Emu.SetReg(REG_EAX, 1);
27 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
28 | return true;
29 | };
30 | GetPath.install('gdi32.dll', 'GetPath');
31 |
32 | /*
33 | ###################################################################################################
34 | ###################################################################################################
35 | */
36 |
37 |
38 |
39 | var SelectObject = new ApiHook();
40 | /*
41 | HGDIOBJ SelectObject(
42 | HDC hdc,
43 | HGDIOBJ h
44 | );
45 | */
46 | SelectObject.OnCallBack = function (Emu, API, ret) {
47 |
48 | Emu.pop(); // pop return address ..
49 |
50 | var hdc = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
51 | var h = Emu.isx64 ? Emu.ReadReg(REG_EDX) : Emu.pop();
52 |
53 | Emu.SetReg(REG_EAX, 0);
54 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
55 | return true;
56 | };
57 | SelectObject.install('gdi32.dll', 'SelectObject');
58 |
59 | /*
60 | ###################################################################################################
61 | ###################################################################################################
62 | */
63 |
64 |
--------------------------------------------------------------------------------
/Build/hooks/kernel32_desktop.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var GetTapePosition = new ApiHook();
4 | /*
5 | DWORD GetTapePosition(
6 | HANDLE hDevice,
7 | DWORD dwPositionType,
8 | LPDWORD lpdwPartition,
9 | LPDWORD lpdwOffsetLow,
10 | LPDWORD lpdwOffsetHigh
11 | );
12 | */
13 | GetTapePosition.OnCallBack = function (Emu, API, ret) {
14 |
15 | Emu.pop();// return addr
16 |
17 | var hDevice = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
18 | var dwPositionType = Emu.isx64 ? Emu.ReadReg(REG_EDX) : Emu.pop();
19 | var lpdwPartition = Emu.isx64 ? Emu.ReadReg(REG_R8) : Emu.pop();
20 | var lpdwOffsetLow = Emu.isx64 ? Emu.ReadReg(REG_R9) : Emu.pop();
21 | // 32 Shadow for x64 as MS describe it :D
22 | var lpdwOffsetHigh = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32) : Emu.pop();
23 |
24 | // warn --> was testing on emotet sample :D
25 | warn("GetTapePosition('0x{0}')".format(hDevice));
26 |
27 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 6);
28 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
29 | return true;
30 | };
31 | GetTapePosition.install('kernel32.dll', 'GetTapePosition');
32 |
33 | /*
34 | ###################################################################################################
35 | ###################################################################################################
36 | */
37 |
38 |
39 |
40 |
--------------------------------------------------------------------------------
/Build/hooks/kernelbase.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var KernelBaseGetGlobalData = new ApiHook();
4 | KernelBaseGetGlobalData.OnCallBack = function (Emu, API, ret) {
5 |
6 | // let the lib handle it
7 | return true;
8 | };
9 |
10 | KernelBaseGetGlobalData.install('kernelbase.dll', 'KernelBaseGetGlobalData');
11 |
12 | /*
13 | ###################################################################################################
14 | ###################################################################################################
15 | */
16 |
17 | var KBGetThreadLocale = new ApiHook();
18 | KBGetThreadLocale.OnCallBack = function (Emu, API, ret) {
19 | // let the lib handle it
20 | return true;
21 | };
22 |
23 | KBGetThreadLocale.install('kernelbase.dll', 'GetThreadLocale');
24 |
25 | /*
26 | ###################################################################################################
27 | ###################################################################################################
28 | */
--------------------------------------------------------------------------------
/Build/hooks/lpk.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var LpkDllInitialize = new ApiHook();
9 | LpkDllInitialize.OnCallBack = function (Emu, API, ret) {
10 |
11 | // just let the library handle it :D
12 | return true;
13 | };
14 | LpkDllInitialize.install('lpk.dll', 'LpkDllInitialize');
15 |
16 | /*
17 | ###################################################################################################
18 | ###################################################################################################
19 | */
20 | var LpkPresent = new ApiHook();
21 | LpkPresent.OnCallBack = function (Emu, API, ret) {
22 |
23 | // just let the library handle it :D
24 | return true;
25 | };
26 | LpkPresent.install('usp10.dll', 'LpkPresent');
27 |
28 | /*
29 | ###################################################################################################
30 | ###################################################################################################
31 | */
32 |
33 |
--------------------------------------------------------------------------------
/Build/hooks/ole32.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var OleInitialize = new ApiHook();
9 | /*
10 | HRESULT OleInitialize(
11 | IN LPVOID pvReserved
12 | );
13 | */
14 | OleInitialize.OnCallBack = function (Emu, API, ret) {
15 |
16 | Emu.pop(); // ret
17 |
18 | var pvReserved = Emu.isx64 ? Emu.ReadReg(REG_ECX) : Emu.pop();
19 |
20 | log('OleInitialize(0x{0})'.format(
21 | pvReserved.toString(16)
22 | ));
23 |
24 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 0);
25 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
26 | return true;
27 | };
28 | OleInitialize.install('uxtheme.dll', 'OleInitialize');
29 |
30 | /*
31 | ###################################################################################################
32 | ###################################################################################################
33 | */
34 | //
35 |
36 |
37 | var CoFileTimeNow = new ApiHook();
38 | /*
39 | HRESULT CoFileTimeNow(
40 | FILETIME *lpFileTime
41 | );
42 | */
43 | CoFileTimeNow.OnCallBack = function (Emu, API, ret) {
44 |
45 | Emu.pop(); // ret
46 |
47 | var lpFileTime = Emu.isx64 ? Emu.ReadReg(REG_ECX) : Emu.pop();
48 |
49 | var data = [0x90, 0x69, 0x45, 0xA5, 0xA3, 0xC4, 0xD4, 0x01];
50 | Emu.WriteMem(lpFileTime,data);
51 |
52 | log('CoFileTimeNow(0x{0})'.format(
53 | lpFileTime.toString(16)
54 | ));
55 |
56 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 0);
57 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
58 | return true;
59 | };
60 | CoFileTimeNow.install('ole32.dll', 'CoFileTimeNow');
61 |
62 | /*
63 | ###################################################################################################
64 | ###################################################################################################
65 | */
66 |
67 |
68 |
--------------------------------------------------------------------------------
/Build/hooks/powrprof.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var GetActivePwrScheme = new ApiHook();
9 | /*
10 | BOOLEAN GetActivePwrScheme(
11 | PUINT puiID
12 | );
13 | */
14 | GetActivePwrScheme.OnCallBack = function (Emu, API, ret) {
15 |
16 | Emu.pop(); // ret
17 | var puiID = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
18 | Emu.WriteDword(puiID,0);// taken from x64dbg :P
19 |
20 | Emu.SetReg(REG_EAX, 1);
21 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
22 | return true;
23 | };
24 | GetActivePwrScheme.install('powrprof.dll', 'GetActivePwrScheme');
25 |
26 | /*
27 | ###################################################################################################
28 | ###################################################################################################
29 | */
30 |
--------------------------------------------------------------------------------
/Build/hooks/shell32.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var CommandLineToArgvW = new ApiHook();
9 | /*
10 | LPWSTR * CommandLineToArgvW(
11 | LPCWSTR lpCmdLine,
12 | int *pNumArgs
13 | );
14 | */
15 | CommandLineToArgvW.OnCallBack = function (Emu, API, ret) {
16 |
17 | Emu.pop(); // pop return address ..
18 |
19 | var lpCmdLine = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
20 | var pNumArgs = Emu.isx64 ? Emu.ReadReg(REG_EDX) : Emu.pop();
21 |
22 | Emu.WriteDword(lpCmdLine-4,lpCmdLine);
23 | Emu.WriteDword(lpCmdLine-8,lpCmdLine);
24 | Emu.WriteWord(pNumArgs,2);
25 |
26 | console.log("CommandLineToArgvW(0x{0}, 0x{1})".format(
27 | lpCmdLine.toString(16),
28 | pNumArgs.toString(16)
29 | ));
30 |
31 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, lpCmdLine-8); // A pointer to an array of LPWSTR values, similar to argv.
32 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
33 | return true; // we handled the Stack and other things :D .
34 | };
35 |
36 | CommandLineToArgvW.install('shell32.dll', 'CommandLineToArgvW');
37 |
38 | /*
39 | ###################################################################################################
40 | ###################################################################################################
41 | */
42 |
43 |
--------------------------------------------------------------------------------
/Build/hooks/shlwapi.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var PathStripPath = new ApiHook();
9 | /*
10 | void PathStripPath(
11 | LPSTR pszPath
12 | );
13 | */
14 | PathStripPath.OnCallBack = function (Emu, API, ret) {
15 |
16 | Emu.pop(); // return addr
17 |
18 | var pszPath = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
19 | var path = Emu.IsWapi ? Emu.ReadStringW(pszPath) : Emu.ReadStringA(pszPath);
20 | var filename = path.split(/[\\\/]/).pop(); // path.substring(path.lastIndexOf('\\')+1);
21 |
22 |
23 | if (filename !== '') {
24 | var len = Emu.IsWapi ? Emu.WriteStringW(pszPath,filename) : Emu.WriteStringA(pszPath,filename);
25 | Emu.WriteByte(pszPath+len,0);
26 | }
27 |
28 |
29 | log("{0}(0x{1} = '{2}') = '{3}' ".format(
30 | API.name,
31 | pszPath.toString(16),
32 | path,
33 | filename
34 | ));
35 |
36 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
37 | return true;
38 | };
39 |
40 | PathStripPath.install('shlwapi.dll', 'PathStripPathA');
41 | PathStripPath.install('shlwapi.dll', 'PathStripPathW');
42 |
43 | /*
44 | ###################################################################################################
45 | ###################################################################################################
46 | */
47 |
48 |
49 | var PathFindFileName = new ApiHook();
50 |
51 | PathFindFileName.OnCallBack = function (Emu, API, ret) {
52 |
53 | // The Lib can handle it :D
54 | return true; // we handled the Stack and other things :D .
55 | };
56 |
57 | PathFindFileName.install('shlwapi.dll', 'PathFindFileNameA');
58 | PathFindFileName.install('shlwapi.dll', 'PathFindFileNameW');
59 |
60 | /*
61 | ###################################################################################################
62 | ###################################################################################################
63 | */
--------------------------------------------------------------------------------
/Build/hooks/urlmon.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var URLDownloadToFile = new ApiHook();
4 | /*
5 | HRESULT URLDownloadToFile(
6 | LPUNKNOWN pCaller,
7 | LPCTSTR szURL,
8 | LPCTSTR szFileName,
9 | DWORD dwReserved,
10 | LPBINDSTATUSCALLBACK lpfnCB
11 | );
12 | */
13 | URLDownloadToFile.OnCallBack = function (Emu, API, ret) {
14 |
15 | Emu.pop(); // PC
16 |
17 | var pCaller = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
18 | var url = Emu.isx64 ? Emu.ReadReg(REG_RDX) : Emu.pop();
19 | var filename = Emu.isx64 ? Emu.ReadReg(REG_R8) : Emu.pop();
20 | var dwReserved = Emu.isx64 ? Emu.ReadReg(REG_R9D) : Emu.pop();
21 | // 32 Shadow space for x64 as MS describe it :V
22 | // not we are at the 5th param .
23 | var lpfnCB = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32) : Emu.pop();
24 |
25 | warn("0x{0} : {1}(0, '{2}', '{3}', {4}, {5})".format(
26 | ret.toString(16),
27 | API.name,
28 | API.IsWapi ? Emu.ReadStringW(url) : Emu.ReadStringA(url),
29 | API.IsWapi ? Emu.ReadStringW(filename) : Emu.ReadStringA(filename),
30 | dwReserved,
31 | lpfnCB
32 | ));
33 |
34 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 0); // return 0 << from MS docs.
35 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
36 | return true; // true if you handle it false if you want Emu to handle it and set PC .
37 | };
38 | URLDownloadToFile.install('urlmon.dll', 'URLDownloadToFileA');
39 | URLDownloadToFile.install('urlmon.dll', 'URLDownloadToFileW');
40 |
41 | /*
42 | ###################################################################################################
43 | ###################################################################################################
44 | */
45 |
--------------------------------------------------------------------------------
/Build/hooks/uxtheme.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var IsThemeActive = new ApiHook();
9 | IsThemeActive.OnCallBack = function (Emu, API, ret) {
10 |
11 | Emu.pop(); // ret
12 |
13 | print('0x',ret.toString(16),' IsThemeActive');
14 |
15 | Emu.SetReg(REG_EAX, 1);
16 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
17 | return true;
18 | };
19 | IsThemeActive.install('uxtheme.dll', 'IsThemeActive');
20 |
21 | /*
22 | ###################################################################################################
23 | ###################################################################################################
24 | */
25 |
--------------------------------------------------------------------------------
/Build/hooks/wininet.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var InternetGetConnectedState = new ApiHook();
4 | /*
5 | BOOLAPI InternetGetConnectedState(
6 | LPDWORD lpdwFlags,
7 | DWORD dwReserved
8 | );
9 | */
10 | InternetGetConnectedState.OnCallBack = function (Emu, API, ret) {
11 |
12 | Emu.pop(); // pop return address ..
13 |
14 | var lpdwFlags = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
15 | var dwReserved = Emu.isx64 ? Emu.ReadReg(REG_RDX) : Emu.pop();
16 |
17 | log("InternetGetConnectedState(0x{0}, 0x{1})".format(
18 | lpdwFlags.toString(16),
19 | dwReserved.toString(16)
20 | ));
21 |
22 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 0);
23 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
24 | return true; // true if you handle it / false if you want Emu to handle it and set PC to (pop ret) .
25 | };
26 |
27 | InternetGetConnectedState.install('wininet.dll', 'InternetGetConnectedState');
28 |
29 | /*
30 | ###################################################################################################
31 | ###################################################################################################
32 | */
--------------------------------------------------------------------------------
/Build/hooks/wtsapi32.js:
--------------------------------------------------------------------------------
1 | // @ts-check
2 | ///
3 | ///
4 | ///
5 |
6 | 'use strict';
7 |
8 | var WTSSendMessage = new ApiHook();
9 | /*
10 | BOOL WTSSendMessage(
11 | IN HANDLE hServer,
12 | IN DWORD SessionId,
13 | LPSTR pTitle,
14 | IN DWORD TitleLength,
15 | LPSTR pMessage,
16 | IN DWORD MessageLength,
17 | IN DWORD Style,
18 | IN DWORD Timeout,
19 | DWORD *pResponse,
20 | IN BOOL bWait
21 | );
22 | */
23 | WTSSendMessage.OnCallBack = function (Emu, API, ret) {
24 |
25 | Emu.pop();
26 |
27 | var hServer = Emu.isx64 ? Emu.ReadReg(REG_RCX) : Emu.pop();
28 | var SessionId = Emu.isx64 ? Emu.ReadReg(REG_EDX) : Emu.pop();
29 | var pTitle = Emu.isx64 ? Emu.ReadReg(REG_R8) : Emu.pop();
30 | var TitleLength = Emu.isx64 ? Emu.ReadReg(REG_R9) : Emu.pop();
31 | // 32 Shadow for x64 as MS describe it :D
32 | // not we are at the 5th param .
33 | var pMessage = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32) : Emu.pop();
34 | var MessageLength = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32 + (8 * 1)) : Emu.pop();
35 | var Style = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32 + (8 * 2)) : Emu.pop();
36 | var Timeout = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32 + (8 * 3)) : Emu.pop();
37 | var pResponse = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32 + (8 * 4)) : Emu.pop();
38 | var bWait = Emu.isx64 ? (Emu.ReadReg(REG_RSP) + 32 + (8 * 5)) : Emu.pop();
39 |
40 |
41 | var title = API.IsWapi ? Emu.ReadStringW(pTitle) : Emu.ReadStringA(pTitle);
42 | var msg = API.IsWapi ? Emu.ReadStringW(pMessage) : Emu.ReadStringA(pMessage);
43 |
44 | warn("WTSSendMessage{0}('{1}','{2}')".format(
45 | API.IsWapi ? 'W' : 'A',
46 | title,
47 | msg
48 | ))
49 |
50 | Emu.SetReg(Emu.isx64 ? REG_RAX : REG_EAX, 1);
51 | Emu.SetReg(Emu.isx64 ? REG_RIP : REG_EIP, ret);
52 |
53 | return true;
54 | };
55 |
56 | WTSSendMessage.install('wtsapi32.dll','WTSSendMessageA');
57 | WTSSendMessage.install('wtsapi32.dll','WTSSendMessageW');
58 |
59 | /*
60 | ###################################################################################################
61 | ###################################################################################################
62 | */
63 |
64 |
65 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/Build/libraries/linux/libZydis.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/linux/libZydis.a
--------------------------------------------------------------------------------
/Build/libraries/linux/libunicorn.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/linux/libunicorn.so
--------------------------------------------------------------------------------
/Build/libraries/osx/libZydis.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/osx/libZydis.a
--------------------------------------------------------------------------------
/Build/libraries/osx/libunicorn.dylib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/osx/libunicorn.dylib
--------------------------------------------------------------------------------
/Build/libraries/win32/libZydis32.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/win32/libZydis32.a
--------------------------------------------------------------------------------
/Build/libraries/win32/quickjs32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/win32/quickjs32.dll
--------------------------------------------------------------------------------
/Build/libraries/win32/unicorn32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/win32/unicorn32.dll
--------------------------------------------------------------------------------
/Build/libraries/win64/libZydis64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/win64/libZydis64.a
--------------------------------------------------------------------------------
/Build/libraries/win64/unicorn64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Build/libraries/win64/unicorn64.dll
--------------------------------------------------------------------------------
/Cmulator.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Cmulator.rar
--------------------------------------------------------------------------------
/Cmulator_ty.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Cmulator_ty.rar
--------------------------------------------------------------------------------
/Core/JSON/.gitignore:
--------------------------------------------------------------------------------
1 | *.dcu
2 | __history
3 |
--------------------------------------------------------------------------------
/Core/JSON/supertypes.pas:
--------------------------------------------------------------------------------
1 | unit supertypes;
2 |
3 | {$IFDEF FPC}
4 | {$MODE OBJFPC}{$H+}
5 | {$ENDIF}
6 |
7 | interface
8 |
9 | type
10 | {$IFNDEF FPC}
11 | {$IFDEF CPUX64}
12 | PtrInt = Int64;
13 | PtrUInt = UInt64;
14 | {$ELSE}
15 | PtrInt = longint;
16 | PtrUInt = Longword;
17 | {$ENDIF}
18 | {$ENDIF}
19 | SuperInt = Int64;
20 |
21 | {$if (sizeof(Char) = 1)}
22 | SOChar = WideChar;
23 | SOIChar = Word;
24 | PSOChar = PWideChar;
25 | {$IFDEF FPC}
26 | SOString = UnicodeString;
27 | {$ELSE}
28 | SOString = WideString;
29 | {$ENDIF}
30 | {$else}
31 | SOChar = Char;
32 | SOIChar = Word;
33 | PSOChar = PChar;
34 | SOString = string;
35 | {$ifend}
36 | implementation
37 |
38 | end.
39 |
--------------------------------------------------------------------------------
/Core/PE/.gitignore:
--------------------------------------------------------------------------------
1 | PsAPI.pas
2 | TlHelp32.pas
3 |
--------------------------------------------------------------------------------
/Core/PE/NullStream.pas:
--------------------------------------------------------------------------------
1 | unit NullStream;
2 |
3 | interface
4 |
5 | uses
6 | Classes,
7 | SysUtils;
8 |
9 | type
10 | TNullStream = class(TStream)
11 | private
12 | FPosition: int64;
13 | FSize: int64;
14 | protected
15 | procedure SetSize(NewSize: Integer); override;
16 | public
17 | function Seek(const Offset: int64; Origin: TSeekOrigin): int64; override;
18 | function Read(var Buffer; Count: Longint): Longint; override;
19 | function Write(const Buffer; Count: Longint): Longint; override;
20 | end;
21 |
22 | implementation
23 |
24 | { TNullStream }
25 |
26 | procedure TNullStream.SetSize(NewSize: Integer);
27 | begin
28 | FSize := NewSize;
29 | end;
30 |
31 | function TNullStream.Seek(const Offset: int64; Origin: TSeekOrigin): int64;
32 | begin
33 | case Origin of
34 | soBeginning:
35 | FPosition := Offset;
36 | soCurrent:
37 | Inc(FPosition, Offset);
38 | soEnd:
39 | FPosition := FSize + Offset;
40 | end;
41 | Result := FPosition;
42 | end;
43 |
44 | function TNullStream.Read(var Buffer; Count: Integer): Longint;
45 | begin
46 | raise Exception.Create('Null stream cannot read');
47 | end;
48 |
49 | function TNullStream.Write(const Buffer; Count: Integer): Longint;
50 | var
51 | pos: int64;
52 | begin
53 | if (FPosition >= 0) and (Count >= 0) then
54 | begin
55 | pos := FPosition + Count;
56 | if pos > FSize then
57 | FSize := pos;
58 | FPosition := pos;
59 | exit(Count);
60 | end;
61 | exit(0);
62 | end;
63 |
64 | end.
65 |
--------------------------------------------------------------------------------
/Core/PE/PE.Build.Common.pas:
--------------------------------------------------------------------------------
1 | unit PE.Build.Common;
2 |
3 | interface
4 |
5 | uses
6 | Classes,
7 | PE.Common,
8 | PE.Image,
9 | NullStream;
10 |
11 | type
12 | // Parent class for any directory builders.
13 | // Override Build procedure and fill Stream with new dir data.
14 | TDirectoryBuilder = class
15 | protected
16 | FPE: TPEImage;
17 | public
18 | constructor Create(PE: TPEImage);
19 |
20 | // Builds bogus directory and return size.
21 | // Override it if you have better implementation.
22 | function EstimateTheSize: uint32; virtual;
23 |
24 | // Build directory data and store it to stream.
25 | // * DirRVA: RVA of directory start.
26 | // * Stream: Stream to store data.
27 | procedure Build(DirRVA: TRVA; Stream: TStream); virtual; abstract;
28 |
29 | // If new section created, it's called to get the flags.
30 | class function GetDefaultSectionFlags: uint32; virtual; abstract;
31 |
32 | // If new section created, it's called to get the name.
33 | class function GetDefaultSectionName: string; virtual; abstract;
34 |
35 | // Return True if need to call Build each time when DirRVA changed.
36 | class function NeedRebuildingIfRVAChanged: boolean; virtual; abstract;
37 | end;
38 |
39 | TDirectoryBuilderClass = class of TDirectoryBuilder;
40 |
41 | implementation
42 |
43 |
44 | { TDirBuilder }
45 |
46 | constructor TDirectoryBuilder.Create(PE: TPEImage);
47 | begin
48 | FPE := PE;
49 | end;
50 |
51 | function TDirectoryBuilder.EstimateTheSize: uint32;
52 | var
53 | tmp: TNullStream;
54 | begin
55 | tmp := TNullStream.Create;
56 | try
57 | Build(0, tmp);
58 | Result := tmp.Size;
59 | finally
60 | tmp.Free;
61 | end;
62 | end;
63 |
64 | end.
65 |
--------------------------------------------------------------------------------
/Core/PE/PE.Build.Relocs.pas:
--------------------------------------------------------------------------------
1 | unit PE.Build.Relocs;
2 |
3 | interface
4 |
5 | uses
6 | System.Classes,
7 | PE.Common,
8 | PE.Build.Common,
9 | PE.Types.Relocations,
10 | PE.Utils;
11 |
12 | type
13 | TRelocBuilder = class(TDirectoryBuilder)
14 | public
15 | procedure Build(DirRVA: TRVA; Stream: TStream); override;
16 | class function GetDefaultSectionFlags: uint32; override;
17 | class function GetDefaultSectionName: string; override;
18 | class function NeedRebuildingIfRVAChanged: boolean; override;
19 | end;
20 |
21 | implementation
22 |
23 | const
24 | RELOC_BLOCK_ALIGN = $1000;
25 |
26 | { TRelocBuilder }
27 |
28 | function CalcBaseRVA(RVA: TRVA): TRVA; inline;
29 | begin
30 | Result := AlignDown(RVA, RELOC_BLOCK_ALIGN);
31 | end;
32 |
33 | procedure TRelocBuilder.Build(DirRVA: TRVA; Stream: TStream);
34 | var
35 | Block: TBaseRelocationBlock;
36 | Cur: TRelocTree.TRBNodePtr;
37 | NextBlockRVA: TRVA;
38 | Pos0, Pos1: UInt64;
39 | Entry: TBaseRelocationEntry;
40 | begin
41 | if FPE.Relocs.Count = 0 then
42 | Exit;
43 | // Relocations are already sorted by RVA.
44 | Cur := FPE.Relocs.Items.First;
45 | while (Cur <> nil) do
46 | begin
47 | // New block.
48 | Pos0 := Stream.Position;
49 | Stream.Position := Pos0 + SizeOf(Block);
50 | Block.PageRVA := CalcBaseRVA(Cur^.K.RVA);
51 | NextBlockRVA := Block.PageRVA + RELOC_BLOCK_ALIGN;
52 | // Entries.
53 | while (Cur <> nil) and (Cur^.K.RVA < NextBlockRVA) do
54 | begin
55 | Entry.raw := (Cur^.K.RVA and $0FFF) or (Cur^.K.&Type shl 12);
56 | Stream.Write(Entry, SizeOf(Entry));
57 | Cur := FPE.Relocs.Items.GetNext(Cur);
58 | end;
59 | // If not last block, check if need align for next block.
60 | if (Cur <> nil) then
61 | begin
62 | // Each block must start on a 32-bit boundary.
63 | Entry.raw := 0;
64 | while (Stream.Position mod 4) <> 0 do
65 | Stream.Write(Entry, SizeOf(Entry));
66 | end;
67 | // Write block header.
68 | Pos1 := Stream.Position;
69 | Block.BlockSize := Pos1 - Pos0;
70 | // Write block record.
71 | Stream.Position := Pos0;
72 | Stream.Write(Block, SizeOf(Block));
73 | Stream.Position := Pos1;
74 | end;
75 | end;
76 |
77 | class function TRelocBuilder.GetDefaultSectionFlags: uint32;
78 | begin
79 | Result := $42000040; // Readable, Discardable, Initialized data.
80 | end;
81 |
82 | class function TRelocBuilder.GetDefaultSectionName: string;
83 | begin
84 | Result := '.reloc';
85 | end;
86 |
87 | class function TRelocBuilder.NeedRebuildingIfRVAChanged: boolean;
88 | begin
89 | Result := False;
90 | end;
91 |
92 | end.
93 |
--------------------------------------------------------------------------------
/Core/PE/PE.COFF.Types.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.COFF.Types.pas
--------------------------------------------------------------------------------
/Core/PE/PE.COFF.pas:
--------------------------------------------------------------------------------
1 | unit PE.COFF;
2 |
3 | interface
4 |
5 | uses
6 | Classes,
7 | SysUtils,
8 | PE.COFF.Types;
9 |
10 | type
11 | TCOFF = class
12 | private
13 | FPE: TObject;
14 | FStrings: TBytes;
15 | procedure LoadStrings(AStream: TStream);
16 | public
17 | constructor Create(PEImage: TObject);
18 |
19 | procedure Clear;
20 | procedure LoadFromStream(AStream: TStream);
21 |
22 | function GetString(Offset: integer; out Str: String): boolean;
23 | end;
24 |
25 | implementation
26 |
27 | uses
28 | // Expand
29 | PE.Types.FileHeader,
30 | //
31 | PE.Common,
32 | PE.Image,
33 | PE.Utils;
34 |
35 | { TCOFF }
36 |
37 | procedure TCOFF.Clear;
38 | begin
39 | SetLength(FStrings, 0);
40 | end;
41 |
42 | constructor TCOFF.Create(PEImage: TObject);
43 | begin
44 | self.FPE := PEImage;
45 | end;
46 |
47 | function TCOFF.GetString(Offset: integer; out Str: String): boolean;
48 | begin
49 | Result := (Offset >= 0) and (Offset < Length(FStrings));
50 | if Result then
51 | Str := String(PAnsiChar(@FStrings[Offset]));
52 | end;
53 |
54 | procedure TCOFF.LoadFromStream(AStream: TStream);
55 | begin
56 | LoadStrings(AStream);
57 | end;
58 |
59 | procedure TCOFF.LoadStrings(AStream: TStream);
60 | var
61 | StrTableOfs, EndPos: uint64;
62 | cbStringData: uint32;
63 | FileHdr: TImageFileHeader;
64 | begin
65 | Clear;
66 |
67 | // 4.6. COFF String Table
68 |
69 | FileHdr := TPEImage(FPE).FileHeader^;
70 |
71 | if FileHdr.PointerToSymbolTable = 0 then
72 | exit;
73 |
74 | if FileHdr.PointerToSymbolTable >= AStream.Size then
75 | begin
76 | TPEImage(FPE).Msg.Write('[FileHeader] Bad PointerToSymbolTable (0x%x)', [FileHdr.PointerToSymbolTable]);
77 | exit;
78 | end;
79 |
80 | StrTableOfs :=
81 | FileHdr.PointerToSymbolTable +
82 | FileHdr.NumberOfSymbols * SizeOf(TCOFFSymbolTable);
83 |
84 | if not StreamSeek(AStream, StrTableOfs) then
85 | exit; // table not found
86 |
87 | if not StreamPeek(AStream, cbStringData, SizeOf(cbStringData)) then
88 | exit;
89 |
90 | EndPos := AStream.Position + cbStringData;
91 |
92 | if EndPos > AStream.Size then
93 | exit;
94 |
95 | // Load string block.
96 | if cbStringData <> 0 then
97 | begin
98 | SetLength(FStrings, cbStringData);
99 | StreamRead(AStream, FStrings[0], cbStringData);
100 | end;
101 | end;
102 |
103 | end.
104 |
--------------------------------------------------------------------------------
/Core/PE/PE.FileHeaderToStr.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.FileHeaderToStr.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Image.Defaults.pas:
--------------------------------------------------------------------------------
1 | unit PE.Image.Defaults;
2 |
3 | interface
4 |
5 | type
6 | TPEDefaults = record
7 | private
8 | FPE: TObject;
9 | public
10 | constructor Create(PEImage: TObject);
11 |
12 | procedure SetImageBits;
13 | procedure SetFileAlignment;
14 | procedure SetSectionAlignment;
15 | procedure SetFileHdr;
16 | procedure SetOptionalHeader;
17 | procedure SetLFANew;
18 |
19 | procedure SetAll;
20 | end;
21 |
22 | implementation
23 |
24 | uses
25 | // Expand
26 | PE.Headers,
27 | //
28 | PE.Common,
29 | PE.Image,
30 | PE.Types.DOSHeader,
31 | PE.Types.FileHeader;
32 |
33 | { TPEDefaults }
34 |
35 | constructor TPEDefaults.Create(PEImage: TObject);
36 | begin
37 | FPE := PEImage;
38 | end;
39 |
40 | procedure TPEDefaults.SetAll;
41 | begin
42 | SetLFANew;
43 | SetImageBits;
44 | SetFileAlignment;
45 | SetSectionAlignment;
46 | SetFileHdr;
47 | SetOptionalHeader;
48 |
49 | TPEImage(FPE).DataDirectories.Put(15, 0, 0); // 16 directories by default
50 | end;
51 |
52 | procedure TPEDefaults.SetFileAlignment;
53 | begin
54 | with TPEImage(FPE) do
55 | if FileAlignment = 0 then
56 | FileAlignment := DEFAULT_SECTOR_SIZE;
57 | end;
58 |
59 | procedure TPEDefaults.SetFileHdr;
60 | begin
61 | with TPEImage(FPE).FileHeader^ do
62 | begin
63 | if Machine = 0 then
64 | Machine := IMAGE_FILE_MACHINE_I386;
65 | if Characteristics = 0 then
66 | Characteristics := IMAGE_FILE_RELOCS_STRIPPED +
67 | IMAGE_FILE_EXECUTABLE_IMAGE + IMAGE_FILE_32BIT_MACHINE;
68 | end;
69 | end;
70 |
71 | procedure TPEDefaults.SetImageBits;
72 | begin
73 | with TPEImage(FPE) do
74 | if ImageBits = 0 then
75 | ImageBits := 32;
76 | end;
77 |
78 | procedure TPEDefaults.SetLFANew;
79 | begin
80 | if TPEImage(FPE).LFANew = 0 then
81 | TPEImage(FPE).LFANew := SizeOf(TImageDosHeader);
82 | end;
83 |
84 | procedure TPEDefaults.SetOptionalHeader;
85 | begin
86 | with TPEImage(FPE).OptionalHeader^ do
87 | begin
88 | if MajorSubsystemVersion = 0 then
89 | MajorSubsystemVersion := 4;
90 | if SizeOfStackCommit = 0 then
91 | SizeOfStackCommit := $1000;
92 | if SizeOfHeapReserve = 0 then
93 | SizeOfHeapReserve := $100000;
94 | if Subsystem = 0 then
95 | Subsystem := IMAGE_SUBSYSTEM_WINDOWS_GUI;
96 | if ImageBase = 0 then
97 | ImageBase := $400000;
98 | end;
99 | end;
100 |
101 | procedure TPEDefaults.SetSectionAlignment;
102 | begin
103 | with TPEImage(FPE) do
104 | if SectionAlignment = 0 then
105 | SectionAlignment := DEFAULT_PAGE_SIZE;
106 | end;
107 |
108 | end.
109 |
--------------------------------------------------------------------------------
/Core/PE/PE.Imports.Func.pas:
--------------------------------------------------------------------------------
1 | unit PE.Imports.Func;
2 |
3 | interface
4 |
5 | uses
6 | Generics.Collections,
7 | SysUtils,
8 | PE.Common;
9 |
10 | type
11 | TPEImportFunction = class
12 | public
13 | Ordinal: uint16;
14 | Name: String;
15 | procedure Clear; inline;
16 | constructor CreateEmpty;
17 | constructor Create(const Name: String; Ordinal: uint16 = 0);
18 | end;
19 |
20 | TPEImportFunctionDelayed = class(TPEImportFunction)
21 | public
22 | end;
23 |
24 | TPEImportFunctions = TObjectList;
25 |
26 | implementation
27 |
28 | { TImportFunction }
29 |
30 | procedure TPEImportFunction.Clear;
31 | begin
32 | self.Ordinal := 0;
33 | self.Name := '';
34 | end;
35 |
36 | constructor TPEImportFunction.Create(const Name: String; Ordinal: uint16);
37 | begin
38 | self.Name := Name;
39 | self.Ordinal := Ordinal;
40 | end;
41 |
42 | constructor TPEImportFunction.CreateEmpty;
43 | begin
44 | end;
45 |
46 | end.
47 |
--------------------------------------------------------------------------------
/Core/PE/PE.Imports.pas:
--------------------------------------------------------------------------------
1 | unit PE.Imports;
2 |
3 | interface
4 |
5 | uses
6 | Generics.Collections,
7 | SysUtils,
8 |
9 | PE.Common,
10 | PE.Imports.Func,
11 | PE.Imports.Lib;
12 |
13 | type
14 | TPEImportLibraryObjectList = TObjectList;
15 |
16 | TPEImport = class
17 | private
18 | FLibs: TPEImportLibraryObjectList;
19 | public
20 | constructor Create;
21 | destructor Destroy; override;
22 |
23 | procedure Clear;
24 |
25 | function Add(Lib: TPEImportLibrary): TPEImportLibrary; inline;
26 | function NewLib(const Name: string): TPEImportLibrary;
27 |
28 | property Libs: TPEImportLibraryObjectList read FLibs;
29 | end;
30 |
31 | implementation
32 |
33 | { TPEImports }
34 |
35 | constructor TPEImport.Create;
36 | begin
37 | inherited Create;
38 | FLibs := TPEImportLibraryObjectList.Create;
39 | end;
40 |
41 | destructor TPEImport.Destroy;
42 | begin
43 | FLibs.Free;
44 | inherited;
45 | end;
46 |
47 | function TPEImport.NewLib(const Name: string): TPEImportLibrary;
48 | begin
49 | result := Add(TPEImportLibrary.Create(Name));
50 | end;
51 |
52 | procedure TPEImport.Clear;
53 | begin
54 | FLibs.Clear;
55 | end;
56 |
57 | function TPEImport.Add(Lib: TPEImportLibrary): TPEImportLibrary;
58 | begin
59 | FLibs.Add(Lib);
60 | result := Lib;
61 | end;
62 |
63 | end.
64 |
--------------------------------------------------------------------------------
/Core/PE/PE.Msg.pas:
--------------------------------------------------------------------------------
1 | unit PE.Msg;
2 |
3 | interface
4 |
5 | type
6 | TMsgProc = procedure(Text: PWideChar); stdcall;
7 |
8 | TMsgMgr = record
9 | private
10 | FMsgProc: TMsgProc;
11 | public
12 | constructor Create(AMsgProc: TMsgProc);
13 |
14 | procedure Write(const AText: UnicodeString); overload;
15 | procedure Write(const AFmt: UnicodeString; const AArgs: array of const); overload;
16 |
17 | procedure Write(const Category: string; AText: UnicodeString); overload;
18 | procedure Write(const Category: string; AFmt: UnicodeString; const AArgs: array of const); overload;
19 | end;
20 |
21 | PMsgMgr = ^TMsgMgr;
22 |
23 | implementation
24 |
25 | uses
26 | SysUtils;
27 |
28 | { TMessageMgr }
29 |
30 | procedure TMsgMgr.Write(const AText: UnicodeString);
31 | begin
32 | if Assigned(FMsgProc) then
33 | FMsgProc(PWideChar(AText));
34 | end;
35 |
36 | constructor TMsgMgr.Create(AMsgProc: TMsgProc);
37 | begin
38 | FMsgProc := AMsgProc;
39 | end;
40 |
41 | procedure TMsgMgr.Write(const AFmt: UnicodeString; const AArgs: array of const);
42 | begin
43 | Write(Format(AFmt, AArgs));
44 | end;
45 |
46 | procedure TMsgMgr.Write(const Category: string; AText: UnicodeString);
47 | begin
48 | write(Format('[%s] %s', [Category, AText]));
49 | end;
50 |
51 | procedure TMsgMgr.Write(const Category: string; AFmt: UnicodeString;
52 | const AArgs: array of const);
53 | begin
54 | write(Category, Format(AFmt, AArgs));
55 | end;
56 |
57 | end.
58 |
--------------------------------------------------------------------------------
/Core/PE/PE.Parser.Headers.pas:
--------------------------------------------------------------------------------
1 | unit PE.Parser.Headers;
2 |
3 | interface
4 |
5 | uses
6 | Classes,
7 |
8 | PE.Common,
9 | PE.Types.DOSHeader,
10 | PE.Types.FileHeader,
11 | PE.Types.OptionalHeader,
12 | PE.Types.NTHeaders,
13 |
14 | PE.Utils;
15 |
16 | function LoadDosHeader(AStream: TStream; out AHdr: TImageDOSHeader): boolean;
17 | function LoadFileHeader(AStream: TStream; out AHdr: TImageFileHeader): boolean; inline;
18 |
19 | implementation
20 |
21 | function LoadDosHeader;
22 | begin
23 | Result := StreamRead(AStream, AHdr, SizeOf(AHdr)) and AHdr.e_magic.IsMZ;
24 | end;
25 |
26 | function LoadFileHeader;
27 | begin
28 | Result := StreamRead(AStream, AHdr, SizeOf(AHdr));
29 | end;
30 |
31 | end.
32 |
--------------------------------------------------------------------------------
/Core/PE/PE.Parser.PData.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Parser.PData.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Parser.Relocs.pas:
--------------------------------------------------------------------------------
1 | unit PE.Parser.Relocs;
2 |
3 | interface
4 |
5 | uses
6 | PE.Common,
7 | PE.Types,
8 | PE.Types.Directories,
9 | PE.Types.Relocations;
10 |
11 | type
12 | TPERelocParser = class(TPEParser)
13 | public
14 | function Parse: TParserResult; override;
15 | end;
16 |
17 | implementation
18 |
19 | uses
20 | PE.Image;
21 |
22 | { TRelocParser }
23 |
24 | function TPERelocParser.Parse: TParserResult;
25 | var
26 | dir: TImageDataDirectory;
27 | block: TBaseRelocationBlock;
28 | blCnt, iBlock: Integer;
29 | entry: TBaseRelocationEntry;
30 | r_ofs, r_type: dword;
31 | r_rva: dword;
32 | Ofs: dword;
33 | reloc: TReloc;
34 | PE: TPEImage;
35 | var
36 | tmpRVA: TRVA;
37 | begin
38 | PE := TPEImage(FPE);
39 | PE.Relocs.Clear;
40 |
41 | if not PE.DataDirectories.Get(DDIR_RELOCATION, @dir) then
42 | exit(PR_OK);
43 |
44 | if dir.IsEmpty then
45 | exit(PR_OK);
46 |
47 | if not PE.SeekRVA(dir.VirtualAddress) then
48 | begin
49 | PE.Msg.Write(SCategoryRelocs, 'Bad directory RVA (0x%x)', [dir.VirtualAddress]);
50 | exit(PR_ERROR);
51 | end;
52 |
53 | Ofs := 0;
54 |
55 | while (Ofs < dir.Size) do
56 | begin
57 | tmpRVA := PE.PositionRVA;
58 |
59 | if (not PE.ReadEx(@block, SizeOf(block))) then
60 | break;
61 |
62 | if Assigned(PE.ParseCallbacks) then
63 | PE.ParseCallbacks.ParsedRelocationBlockHeader(tmpRVA, block);
64 |
65 | if block.IsEmpty then
66 | break;
67 |
68 | inc(Ofs, SizeOf(block));
69 |
70 | if block.BlockSize < SizeOf(TBaseRelocationBlock) then
71 | begin
72 | PE.Msg.Write(SCategoryRelocs, 'Bad size of block (%d).', [block.BlockSize]);
73 | continue;
74 | end;
75 |
76 | blCnt := block.Count;
77 |
78 | for iBlock := 0 to blCnt - 1 do
79 | begin
80 | if (Ofs + SizeOf(entry)) > dir.Size then
81 | begin
82 | PE.Msg.Write(SCategoryRelocs, 'Relocation is out of table. PageRVA:0x%x #:%d', [block.PageRVA, iBlock]);
83 | PE.Msg.Write(SCategoryRelocs, 'Skipping next relocs.');
84 | exit(PR_OK);
85 | end;
86 |
87 | if not PE.ReadEx(@entry, SizeOf(entry)) then
88 | exit(PR_ERROR);
89 |
90 | inc(Ofs, SizeOf(entry));
91 | r_type := entry.GetType;
92 | r_ofs := entry.GetOffset;
93 | r_rva := r_ofs + block.PageRVA;
94 | if r_type <> IMAGE_REL_BASED_ABSOLUTE then
95 | begin
96 | reloc.RVA := r_rva;
97 | reloc.&Type := r_type;
98 | PE.Relocs.Put(reloc);
99 | end;
100 | end;
101 | end;
102 |
103 | exit(PR_OK);
104 | end;
105 |
106 | end.
107 |
--------------------------------------------------------------------------------
/Core/PE/PE.Parser.TLS.pas:
--------------------------------------------------------------------------------
1 | unit PE.Parser.TLS;
2 |
3 | interface
4 |
5 | uses
6 | SysUtils,
7 |
8 | PE.Common,
9 | PE.Types,
10 | PE.Types.Directories,
11 | PE.Types.TLS,
12 | PE.TLS;
13 |
14 | type
15 | TPETLSParser = class(TPEParser)
16 | public
17 | function Parse: TParserResult; override;
18 | end;
19 |
20 | implementation
21 |
22 | uses
23 | PE.Image;
24 |
25 | { TPETLSParser }
26 |
27 | function TPETLSParser.Parse: TParserResult;
28 | var
29 | PE: TPEImage;
30 | var
31 | Dir: TImageDataDirectory;
32 | TLSDir: TTLSDirectory;
33 | AddressofCallbacks: TVA;
34 | CurRVA, CallbackVA: uint64;
35 | bRead: boolean;
36 | begin
37 | PE := TPEImage(FPE);
38 |
39 | if not PE.DataDirectories.Get(DDIR_TLS, @Dir) then
40 | exit(PR_OK);
41 | if Dir.IsEmpty then
42 | exit(PR_OK);
43 |
44 | if not PE.SeekRVA(Dir.VirtualAddress) then
45 | begin
46 | PE.Msg.Write(SCategoryTLS, 'Incorrect directory RVA.');
47 | exit(PR_ERROR);
48 | end;
49 |
50 | case PE.ImageBits of
51 | 32:
52 | begin
53 | bRead := PE.ReadEx(TLSDir.tls32, SizeOf(TLSDir.tls32));
54 | AddressofCallbacks := TLSDir.tls32.AddressofCallbacks;
55 | end;
56 | 64:
57 | begin
58 | bRead := PE.ReadEx(TLSDir.tls64, SizeOf(TLSDir.tls64));
59 | AddressofCallbacks := TLSDir.tls64.AddressofCallbacks;
60 | end;
61 | else
62 | exit(PR_ERROR);
63 | end;
64 |
65 | if not bRead then
66 | begin
67 | PE.Msg.Write(SCategoryTLS, 'Failed to read directory.');
68 | exit(PR_ERROR);
69 | end;
70 |
71 | // Assign dir.
72 | PE.TLS.Dir := TLSDir;
73 |
74 | // Try to read callback addresses if available.
75 |
76 | // It's ok if there's no callbacks.
77 | if AddressofCallbacks = 0 then
78 | exit(PR_OK);
79 |
80 | if not PE.SeekVA(AddressofCallbacks) then
81 | begin
82 | PE.Msg.Write(SCategoryTLS, 'Incorrect address of callbacks.');
83 | exit(PR_OK);
84 | end;
85 |
86 | while True do
87 | begin
88 | CurRVA := PE.PositionRVA;
89 |
90 | // Try to read callback address.
91 | if not PE.ReadWordEx(0, @CallbackVA) then
92 | begin
93 | PE.Msg.Write(SCategoryTLS, 'Failed to read callback address at RVA: 0x%x. Probably malformed data.', [CurRVA]);
94 | break;
95 | end;
96 |
97 | // Is it terminator?
98 | if CallbackVA = 0 then
99 | break;
100 |
101 | // Does the address exist?
102 | if not PE.VAExists(CallbackVA) then
103 | begin
104 | PE.Msg.Write(SCategoryTLS, 'Bad callback address (0x%x) at RVA: 0x%x', [CallbackVA, CurRVA]);
105 | break;
106 | end;
107 |
108 | // Add existing address.
109 | PE.TLS.CallbackRVAs.Add(PE.VAToRVA(CallbackVA))
110 | end;
111 |
112 | exit(PR_OK);
113 | end;
114 |
115 | end.
116 |
--------------------------------------------------------------------------------
/Core/PE/PE.ParserCallbacks.pas:
--------------------------------------------------------------------------------
1 | unit PE.ParserCallbacks;
2 |
3 | interface
4 |
5 | uses
6 | PE.Common,
7 | PE.Types.Relocations;
8 |
9 | type
10 | IPEParserCallbacks = interface
11 | procedure ParsedRelocationBlockHeader(RVA: TRVA; const Block: TBaseRelocationBlock);
12 | end;
13 |
14 | implementation
15 |
16 | end.
17 |
--------------------------------------------------------------------------------
/Core/PE/PE.Resources.Extract.pas:
--------------------------------------------------------------------------------
1 | unit PE.Resources.Extract;
2 |
3 | interface
4 |
5 | uses
6 | PE.Common,
7 | PE.Resources;
8 |
9 | // Extract raw resource data from Root node and save it to Dir folder.
10 | // If Root is nil, the main root is taken.
11 | // Result is number of resources extracted.
12 | function ExtractRawResources(Img: TPEImageObject; const Dir: string;
13 | Root: TResourceTreeNode = nil): integer;
14 |
15 | implementation
16 |
17 | uses
18 | System.IOUtils,
19 | System.SysUtils,
20 | PE.Image;
21 |
22 | type
23 |
24 | { TExtractor }
25 |
26 | TExtractor = class
27 | private
28 | FImg: TPEImage;
29 | FDir: string;
30 | FCount: integer;
31 | function Callback(Node: TResourceTreeNode): boolean;
32 | public
33 | function Extract(Img: TPEImage; const Dir: string; Root: TResourceTreeNode): integer;
34 | end;
35 |
36 | function TExtractor.Callback(Node: TResourceTreeNode): boolean;
37 | var
38 | Leaf: TResourceTreeLeafNode;
39 | FileName: string;
40 | Path: string;
41 | begin
42 | if Node.IsLeaf then
43 | begin
44 | Leaf := Node as TResourceTreeLeafNode;
45 | // Make filename and path.
46 | FileName := Format('%s\%s', [FDir, Leaf.GetPath]);
47 | Path := ExtractFilePath(FileName);
48 | // Create path and save file.
49 | TDirectory.CreateDirectory(Path);
50 | Leaf.Data.SaveToFile(FileName);
51 | inc(FCount);
52 | end;
53 | Result := True; // continue
54 | end;
55 |
56 | function ExtractRawResources(Img: TPEImageObject; const Dir: string; Root: TResourceTreeNode = nil): integer;
57 | var
58 | Extractor: TExtractor;
59 | begin
60 | Extractor := TExtractor.Create;
61 | try
62 | Result := Extractor.Extract(Img as TPEImage,
63 | ExcludeTrailingPathDelimiter(Dir), Root);
64 | finally
65 | Extractor.Free;
66 | end;
67 | end;
68 |
69 | function TExtractor.Extract(Img: TPEImage; const Dir: string;
70 | Root: TResourceTreeNode): integer;
71 | begin
72 | FImg := Img;
73 | FDir := Dir;
74 | FCount := 0;
75 | if Root = nil then
76 | Root := Img.ResourceTree.Root;
77 | if Root = nil then
78 | Exit(0);
79 | TDirectory.CreateDirectory(Dir);
80 | Img.ResourceTree.Root.Traverse(Callback);
81 | Exit(FCount);
82 | end;
83 |
84 | end.
85 |
86 |
--------------------------------------------------------------------------------
/Core/PE/PE.Resources.Windows.Bitmap.pas:
--------------------------------------------------------------------------------
1 | unit PE.Resources.Windows.Bitmap;
2 |
3 | interface
4 |
5 | uses
6 | System.Classes,
7 | System.SysUtils,
8 |
9 | PE.Utils;
10 |
11 | // Parse RT_BITMAP into BMP stream.
12 | function ParseBitmapResource(const Stream: TStream): TStream;
13 |
14 | implementation
15 |
16 | {$ALIGN 1}
17 |
18 |
19 | type
20 | TBitmapFileHeader = record
21 | bfType: uint16; // BM
22 | bfSize: uint32; // Size of bitmap file/stream.
23 | bfReserved1: uint16; //
24 | bfReserved2: uint16; //
25 | bfOffBits: uint32; // Offset of pixels.
26 | end;
27 |
28 | TBitmapInfoHeader = record
29 | biSize: uint32;
30 | biWidth: int32;
31 | biHeight: int32;
32 | biPlanes: uint16;
33 | biBitCount: uint16;
34 | biCompression: uint32;
35 | biSizeImage: uint32;
36 | biXPelsPerMeter: int32;
37 | biYPelsPerMeter: int32;
38 | biClrUsed: uint32;
39 | biClrImportant: uint32;
40 | end;
41 |
42 | function ParseBitmapResource(const Stream: TStream): TStream;
43 | var
44 | BmpHdr: TBitmapFileHeader;
45 | InfoHdr: TBitmapInfoHeader;
46 | begin
47 | if not StreamRead(Stream, InfoHdr, SizeOf(InfoHdr)) then
48 | raise Exception.Create('Stream too small.');
49 |
50 | BmpHdr.bfType := $4D42; // BM
51 | BmpHdr.bfSize := SizeOf(TBitmapFileHeader) + Stream.Size;
52 | BmpHdr.bfReserved1 := 0;
53 | BmpHdr.bfReserved2 := 0;
54 | BmpHdr.bfOffBits := 0; // Nowadays viewers are smart enough to calc this offset themselves.
55 |
56 | // Create bitmap.
57 | Stream.Position := 0;
58 | Result := TMemoryStream.Create;
59 | Result.Write(BmpHdr, SizeOf(BmpHdr));
60 | Result.CopyFrom(Stream, Stream.Size);
61 |
62 | Result.Position := 0;
63 | end;
64 |
65 | end.
66 |
--------------------------------------------------------------------------------
/Core/PE/PE.TLS.pas:
--------------------------------------------------------------------------------
1 | unit PE.TLS;
2 |
3 | interface
4 |
5 | uses
6 | PE.Types,
7 | PE.Types.TLS;
8 |
9 | type
10 | TTLS = class
11 | public
12 | Dir: TTLSDirectory;
13 | CallbackRVAs: TRVAs;
14 | constructor Create;
15 | destructor Destroy; override;
16 | procedure Clear;
17 | end;
18 |
19 | implementation
20 |
21 | procedure TTLS.Clear;
22 | begin
23 | FillChar(Dir, SizeOf(Dir), 0);
24 | CallbackRVAs.Clear;
25 | end;
26 |
27 | constructor TTLS.Create;
28 | begin
29 | CallbackRVAs := TRVAs.Create;
30 | end;
31 |
32 | destructor TTLS.Destroy;
33 | begin
34 | CallbackRVAs.Free;
35 | inherited Destroy;
36 | end;
37 |
38 | end.
39 |
--------------------------------------------------------------------------------
/Core/PE/PE.Types.DOSHeader.pas:
--------------------------------------------------------------------------------
1 | unit PE.Types.DOSHeader;
2 |
3 | interface
4 |
5 | type
6 | TDOSMagic = packed record
7 | public
8 | function IsMZ: boolean; inline;
9 | procedure SetMZ; inline;
10 | public
11 | case integer of
12 | 0:
13 | (chars: array [0 .. 1] of AnsiChar);
14 | end;
15 |
16 | type
17 | TImageDOSHeader = packed record
18 | e_magic: TDOSMagic; // Magic number.
19 | e_cblp: uint16; // Bytes on last page of file.
20 | e_cp: uint16; // Pages in file.
21 | e_crlc: uint16; // Relocations.
22 | e_cparhdr: uint16; // Size of header in paragraphs.
23 | e_minalloc: uint16; // Minimum extra paragraphs needed.
24 | e_maxalloc: uint16; // Maximum extra paragraphs needed.
25 | e_ss: uint16; // Initial (relative) SS value.
26 | e_sp: uint16; // Initial SP value.
27 | e_csum: uint16; // Checksum.
28 | e_ip: uint16; // Initial IP value.
29 | e_cs: uint16; // Initial (relative) CS value.
30 | e_lfarlc: uint16; // File address of relocation table.
31 | e_ovno: uint16; // Overlay number.
32 | e_res: array [0 .. 3] of uint16; // Reserved words.
33 | e_oemid: uint16; // OEM identifier (for e_oeminfo).
34 | e_oeminfo: uint16; // OEM information; e_oemid specific.
35 | e_res2: array [0 .. 9] of uint16; // Reserved words.
36 | e_lfanew: uint32; // File address of new exe header.
37 | end;
38 |
39 | PImageDOSHeader = ^TImageDOSHeader;
40 |
41 | const
42 | DOSSTUB: packed array [0 .. 56] of byte = ($0E, $1F, $BA, $0E, $00, $B4, $09,
43 | $CD, $21, $B8, $01, $4C, $CD, $21, $54, $68, $69, $73, $20, $70, $72, $6F,
44 | $67, $72, $61, $6D, $20, $63, $61, $6E, $6E, $6F, $74, $20, $62, $65, $20,
45 | $72, $75, $6E, $20, $69, $6E, $20, $44, $4F, $53, $20, $6D, $6F, $64, $65,
46 | $2E, $0D, $0D, $0A, $24);
47 |
48 | implementation
49 |
50 | { TDOSMagic }
51 |
52 | function TDOSMagic.IsMZ: boolean;
53 | begin
54 | result := self.chars = 'MZ';
55 | end;
56 |
57 | procedure TDOSMagic.SetMZ;
58 | begin
59 | self.chars[0] := 'M';
60 | self.chars[1] := 'Z';
61 | end;
62 |
63 | end.
64 |
--------------------------------------------------------------------------------
/Core/PE/PE.Types.Export.pas:
--------------------------------------------------------------------------------
1 | unit PE.Types.Export;
2 |
3 | interface
4 |
5 | uses
6 | PE.Common;
7 |
8 | type
9 | TImageExportDirectory = packed record
10 | ExportFlags: uint32; // Reserved, must be 0.
11 | TimeDateStamp: uint32; // The time and date that the export data was created.
12 | MajorVersion: uint16; // The major version number.
13 | // The major and minor version numbers can be set by the user.
14 | MinorVersion: uint16; // The minor version number.
15 | NameRVA: uint32; // The address of the ASCII string that contains the name of the DLL.
16 | // This address is relative to the image base.
17 | OrdinalBase: uint32; // The starting ordinal number for exports in this image.
18 | // This field specifies the starting ordinal number for the export address table.
19 | // It is usually set to 1.
20 | AddressTableEntries: uint32; // NumberOfFunctions; The number of entries in the export address table.
21 | NumberOfNamePointers: uint32; // The number of entries in the name pointer table.
22 | // This is also the number of entries in the ordinal table.
23 | ExportAddressTableRVA: uint32; // The address of the export address table, relative to the image base.
24 | NamePointerRVA: uint32; // The address of the export name pointer table, relative to the image base.
25 | // The table size is given by the Number of Name Pointers field.
26 | OrdinalTableRVA: uint32; // The address of the ordinal table, relative to the image base.
27 | end;
28 |
29 | PImageExportDirectory = ^TImageExportDirectory;
30 |
31 | implementation
32 |
33 | end.
34 |
--------------------------------------------------------------------------------
/Core/PE/PE.Types.FileHeader.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Types.FileHeader.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Types.Imports.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Types.Imports.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Types.ImportsDelayed.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Types.ImportsDelayed.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Types.NTHeaders.pas:
--------------------------------------------------------------------------------
1 | unit PE.Types.NTHeaders;
2 |
3 | interface
4 |
5 | uses
6 | PE.Types.FileHeader,
7 | PE.Types.OptionalHeader;
8 |
9 | type
10 | {
11 | TImageNTHeaders32 = packed record
12 | Signature: uint32;
13 | FileHeader: TImageFileHeader;
14 | OptionalHeader: TImageOptionalHeader32;
15 | end;
16 |
17 | PImageNTHeaders32 = ^TImageNTHeaders32;
18 |
19 | TImageNTHeaders64 = packed record
20 | Signature: uint32;
21 | FileHeader: TImageFileHeader;
22 | OptionalHeader: TImageOptionalHeader64;
23 | end;
24 |
25 | PImageNTHeaders64 = ^TImageNTHeaders64;
26 | }
27 |
28 | TNTSignature = record
29 | public
30 | function IsPE00: boolean; inline;
31 | public
32 | case integer of
33 | 0:
34 | (chars: array [0 .. 3] of AnsiChar);
35 | end;
36 |
37 | TImageNTHeaders = packed record
38 | Signature: TNTSignature;
39 | FileHeader: TImageFileHeader;
40 | OptionalHeader: TImageOptionalHeader;
41 | end;
42 |
43 | PImageNTHeaders = ^TImageNTHeaders;
44 |
45 | const
46 | PE00_SIGNATURE: TNTSignature = (chars: 'PE'#0#0);
47 |
48 | implementation
49 |
50 | { TNTSignature }
51 |
52 | function TNTSignature.IsPE00: boolean;
53 | begin
54 | result := self.chars = PE00_SIGNATURE.chars;
55 | end;
56 |
57 | end.
58 |
--------------------------------------------------------------------------------
/Core/PE/PE.Types.Relocations.inc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Types.Relocations.inc
--------------------------------------------------------------------------------
/Core/PE/PE.Types.Sections.pas:
--------------------------------------------------------------------------------
1 | unit PE.Types.Sections;
2 |
3 | interface
4 |
5 | {$I 'PE.Types.Sections.inc'}
6 |
7 |
8 | type
9 | TImageSectionHeader = packed record
10 | private
11 | FName: packed array [0 .. IMAGE_SIZEOF_SHORT_NAME - 1] of AnsiChar;
12 | FVirtualSize: uint32;
13 | FRVA: uint32;
14 | FSizeOfRawData: uint32;
15 | FPointerToRawData: uint32;
16 | FPointerToRelocations: uint32;
17 | FPointerToLinenumbers: uint32;
18 | FNumberOfRelocations: uint16;
19 | FNumberOfLinenumbers: uint16;
20 | FFlags: uint32;
21 | private
22 | function GetName: string;
23 | procedure SetName(const Value: string); // length trimmed to 8 chars
24 | public
25 | procedure Clear; inline;
26 |
27 | property Name: string read GetName write SetName;
28 | property VirtualSize: uint32 read FVirtualSize write FVirtualSize;
29 | property RVA: uint32 read FRVA write FRVA;
30 | property SizeOfRawData: uint32 read FSizeOfRawData write FSizeOfRawData;
31 | property PointerToRawData: uint32 read FPointerToRawData write FPointerToRawData;
32 | property Flags: uint32 read FFlags write FFlags;
33 | end;
34 |
35 | PImageSectionHeader = ^TImageSectionHeader;
36 |
37 | implementation
38 |
39 | { TImageSectionHeader }
40 |
41 | procedure TImageSectionHeader.Clear;
42 | begin
43 | fillchar(self, sizeof(self), 0);
44 | end;
45 |
46 | function TImageSectionHeader.GetName: string;
47 | var
48 | i: Integer;
49 | begin
50 | i := 0;
51 | while (i < IMAGE_SIZEOF_SHORT_NAME) and (FName[i] <> #0) do
52 | inc(i);
53 |
54 | if i = 0 then
55 | exit('');
56 |
57 | setlength(result, i);
58 |
59 | dec(i);
60 |
61 | while i >= 0 do
62 | begin
63 | result[low(result) + i] := char(FName[i]);
64 | dec(i);
65 | end;
66 | end;
67 |
68 | procedure TImageSectionHeader.SetName(const Value: string);
69 | var
70 | i, len: Integer;
71 | begin
72 | i := 0;
73 | len := length(Value);
74 |
75 | while i < len do
76 | begin
77 | FName[i] := AnsiChar(Value[low(Value) + i]);
78 | inc(i);
79 | end;
80 |
81 | while i < IMAGE_SIZEOF_SHORT_NAME do
82 | begin
83 | FName[i] := #0;
84 | inc(i);
85 | end;
86 | end;
87 |
88 | end.
89 |
--------------------------------------------------------------------------------
/Core/PE/PE.Types.TLS.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/PE/PE.Types.TLS.pas
--------------------------------------------------------------------------------
/Core/PE/PE.Types.pas:
--------------------------------------------------------------------------------
1 | unit PE.Types;
2 |
3 | interface
4 |
5 | uses
6 | Generics.Collections,
7 | PE.Common;
8 |
9 | type
10 | TRVAs = TList;
11 |
12 | TPEParser = class
13 | FPE: TObject;
14 | constructor Create(PEImage: TObject);
15 | function Parse: TParserResult; virtual; abstract;
16 | end;
17 |
18 | TPEParserClass = class of TPEParser;
19 |
20 | implementation
21 |
22 | { TPEParser }
23 |
24 | constructor TPEParser.Create(PEImage: TObject);
25 | begin
26 | FPE := PEImage;
27 | end;
28 |
29 | end.
30 |
--------------------------------------------------------------------------------
/Core/PE/README.md:
--------------------------------------------------------------------------------
1 | # pe-image-for-delphi
2 |
3 | This is Delphi library to work with Portable Executable Image files.
4 | The main purpose is to make parsing image structures of 32/64 bit image easy.
5 | Now it can parse most used things, like: sections, imports, exports, resources and tls.
6 |
7 | Also it can write image, but that was not primary goal.
8 |
9 | ToDo:
10 |
11 | - There must be introduced sparsed/paged virtual memory concept (just like Windows does)
12 | Currently all section data is loaded into memory.
13 | Some virus samples tested can crash loading because of using too big virtual address range.
14 | With normal compiler generated images you won't have such problem.
15 |
16 |
17 | ---
18 |
19 | ### ... and some tweaks for Lazarus.
20 |
21 | Lazarus does not support anonymous functions, so I just change it to callbacks.
22 | This code is very dirty and terrible. You should use it at your own risk.
23 |
24 | Generic problem was simply solved by "[FreePascal Generics.Collections library](https://github.com/dathox/generics.collections)".
25 | (Thank's for it.)
26 |
27 | You also need "TlHelp32.pas" and "PsAPI.pas" units for build it in Lazarus.
28 | Copy them from Delphi's src folder.
29 |
--------------------------------------------------------------------------------
/Core/Zydis/Generated/Zydis.Enum.ISASet.inc:
--------------------------------------------------------------------------------
1 | type
2 | {$Z1}
3 | TZydisISASet = (
4 | ZYDIS_ISA_SET_INVALID,
5 | ZYDIS_ISA_SET_ADOX_ADCX,
6 | ZYDIS_ISA_SET_AES,
7 | ZYDIS_ISA_SET_AMD3DNOW,
8 | ZYDIS_ISA_SET_AVX,
9 | ZYDIS_ISA_SET_AVX2,
10 | ZYDIS_ISA_SET_AVX2GATHER,
11 | ZYDIS_ISA_SET_AVX512EVEX,
12 | ZYDIS_ISA_SET_AVX512VEX,
13 | ZYDIS_ISA_SET_AVXAES,
14 | ZYDIS_ISA_SET_BASE,
15 | ZYDIS_ISA_SET_BMI1,
16 | ZYDIS_ISA_SET_BMI2,
17 | ZYDIS_ISA_SET_CET,
18 | ZYDIS_ISA_SET_CLFLUSHOPT,
19 | ZYDIS_ISA_SET_CLFSH,
20 | ZYDIS_ISA_SET_CLWB,
21 | ZYDIS_ISA_SET_CLZERO,
22 | ZYDIS_ISA_SET_F16C,
23 | ZYDIS_ISA_SET_FMA,
24 | ZYDIS_ISA_SET_FMA4,
25 | ZYDIS_ISA_SET_GFNI,
26 | ZYDIS_ISA_SET_INVPCID,
27 | ZYDIS_ISA_SET_KNC,
28 | ZYDIS_ISA_SET_KNCE,
29 | ZYDIS_ISA_SET_KNCV,
30 | ZYDIS_ISA_SET_LONGMODE,
31 | ZYDIS_ISA_SET_LZCNT,
32 | ZYDIS_ISA_SET_MMX,
33 | ZYDIS_ISA_SET_MONITOR,
34 | ZYDIS_ISA_SET_MONITORX,
35 | ZYDIS_ISA_SET_MOVBE,
36 | ZYDIS_ISA_SET_MPX,
37 | ZYDIS_ISA_SET_PAUSE,
38 | ZYDIS_ISA_SET_PCLMULQDQ,
39 | ZYDIS_ISA_SET_PCONFIG,
40 | ZYDIS_ISA_SET_PKU,
41 | ZYDIS_ISA_SET_PREFETCHWT1,
42 | ZYDIS_ISA_SET_PT,
43 | ZYDIS_ISA_SET_RDPID,
44 | ZYDIS_ISA_SET_RDRAND,
45 | ZYDIS_ISA_SET_RDSEED,
46 | ZYDIS_ISA_SET_RDTSCP,
47 | ZYDIS_ISA_SET_RDWRFSGS,
48 | ZYDIS_ISA_SET_RTM,
49 | ZYDIS_ISA_SET_SGX,
50 | ZYDIS_ISA_SET_SGX_ENCLV,
51 | ZYDIS_ISA_SET_SHA,
52 | ZYDIS_ISA_SET_SMAP,
53 | ZYDIS_ISA_SET_SMX,
54 | ZYDIS_ISA_SET_SSE,
55 | ZYDIS_ISA_SET_SSE2,
56 | ZYDIS_ISA_SET_SSE3,
57 | ZYDIS_ISA_SET_SSE4,
58 | ZYDIS_ISA_SET_SSE4A,
59 | ZYDIS_ISA_SET_SSSE3,
60 | ZYDIS_ISA_SET_SVM,
61 | ZYDIS_ISA_SET_TBM,
62 | ZYDIS_ISA_SET_VAES,
63 | ZYDIS_ISA_SET_VMFUNC,
64 | ZYDIS_ISA_SET_VPCLMULQDQ,
65 | ZYDIS_ISA_SET_VTX,
66 | ZYDIS_ISA_SET_X87,
67 | ZYDIS_ISA_SET_XOP,
68 | ZYDIS_ISA_SET_XSAVE,
69 | ZYDIS_ISA_SET_XSAVEC,
70 | ZYDIS_ISA_SET_XSAVEOPT,
71 | ZYDIS_ISA_SET_XSAVES,
72 |
73 | ZYDIS_ISA_SET_MAX_VALUE = ZYDIS_ISA_SET_XSAVES
74 | );
75 |
--------------------------------------------------------------------------------
/Core/Zydis/Zydis.Exception.pas:
--------------------------------------------------------------------------------
1 | {***************************************************************************************************
2 |
3 | Zydis Top Level API
4 |
5 | Original Author : Florian Bernd
6 |
7 | * Permission is hereby granted, free of charge, to any person obtaining a copy
8 | * of this software and associated documentation files (the "Software"), to deal
9 | * in the Software without restriction, including without limitation the rights
10 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | * copies of the Software, and to permit persons to whom the Software is
12 | * furnished to do so, subject to the following conditions:
13 | *
14 | * The above copyright notice and this permission notice shall be included in all
15 | * copies or substantial portions of the Software.
16 | *
17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | * SOFTWARE.
24 |
25 | ***************************************************************************************************}
26 |
27 | unit Zydis.Exception;
28 |
29 | interface
30 |
31 | {$IFDEF FPC}
32 | {$MODE DELPHI}
33 | {$ENDIF}
34 |
35 | uses
36 | {$IFNDEF FPC}System.SysUtils{$ELSE}SysUtils{$ENDIF}, Zydis;
37 |
38 | type
39 | TZydisException = class(Exception)
40 | strict private
41 | FStatus: TZydisStatus;
42 | public
43 | class procedure RaiseException(Status: TZydisStatus); inline;
44 | public
45 | property Status: TZydisStatus read FStatus write FStatus;
46 | end;
47 |
48 | implementation
49 |
50 | { TZydisException }
51 |
52 | class procedure TZydisException.RaiseException(Status: TZydisStatus);
53 | var
54 | E: TZydisException;
55 | begin
56 | E := TZydisException.CreateFmt('Zydis exception. Status code: %2x', [Ord(Status)]);
57 | E.Status := Status;
58 | raise E;
59 | end;
60 |
61 | end.
62 |
--------------------------------------------------------------------------------
/Core/besenunits.inc:
--------------------------------------------------------------------------------
1 | BESEN,
2 | BESENCodeSnapshot,
3 | BESENVersionConstants,
4 | BESENConstants,
5 | BESENValueContainer,
6 | BESENUnicodeTables,
7 | BESENStringUtils,
8 | BESENStringTree,
9 | BESENStringList,
10 | BESENSelfBalancedTree,
11 | BESENScope,
12 | BESENRegExpCache,
13 | BESENRandomGenerator,
14 | BESENPointerSelfBalancedTree,
15 | BESENPointerList,
16 | BESENParser,
17 | BESENOpcodes,
18 | BESENObjectThrowTypeErrorFunction,
19 | BESENObjectStringPrototype,
20 | BESENObjectStringConstructor,
21 | BESENObjectString,
22 | BESENObjectRegExpPrototype,
23 | BESENObjectRegExpConstructor,
24 | BESENObjectRegExp,
25 | BESENObjectPrototype,
26 | BESENObjectPropertyDescriptor,
27 | BESENObjectNumberPrototype,
28 | BESENObjectNumberConstructor,
29 | BESENObjectNumber,
30 | BESENObjectNativeFunction,
31 | BESENObjectMath,
32 | BESENObjectJSON,
33 | BESENObjectGlobal,
34 | BESENObjectFunctionPrototype,
35 | BESENObjectFunctionConstructor,
36 | BESENObjectFunctionArguments,
37 | BESENObjectFunction,
38 | BESENObjectErrorPrototype,
39 | BESENObjectErrorConstructor,
40 | BESENObjectError,
41 | BESENObjectEnvironmentRecord,
42 | BESENObjectDeclaredFunction,
43 | BESENObjectDatePrototype,
44 | BESENObjectDateConstructor,
45 | BESENObjectDate,
46 | BESENObjectConstructor,
47 | BESENObjectBooleanPrototype,
48 | BESENObjectBooleanConstructor,
49 | BESENObjectBoolean,
50 | BESENObjectBindingFunction,
51 | BESENObjectArrayPrototype,
52 | BESENObjectArrayConstructor,
53 | BESENObjectArray,
54 | BESENObjectArgSetterFunction,
55 | BESENObjectArgGetterFunction,
56 | BESENObject,
57 | BESENNumberUtils,
58 | BESENNativeObject,
59 | BESENNativeCodeMemoryManager,
60 | BESENLocale,
61 | BESENLexicalEnvironment,
62 | BESENLexer,
63 | BESENKeyIDManager,
64 | BESENIntegerList,
65 | BESENInt64SelfBalancedTree,
66 | BESENHashUtils,
67 | BESENHashMap,
68 | BESENGlobals,
69 | BESENGarbageCollector,
70 | BESENEvalCacheItem,
71 | BESENEvalCache,
72 | BESENErrors,
73 | BESENEnvironmentRecord,
74 | BESENDoubleList,
75 | BESENDecompiler,
76 | BESENDeclarativeEnvironmentRecord,
77 | BESENDateUtils,
78 | BESENCompiler,
79 | BESENCollectorObject,
80 | BESENCollector,
81 | BESENCharset,
82 | BESENBaseObject,
83 | BESENArrayUtils,
84 | BESENTypes,
85 | BESENUtils,
86 | BESENValue,
87 | BESENRegExp,
88 | BESENCode,
89 | BESENASTNodes,
90 | BESENCodeContext,
91 | BESENCodeGeneratorContext,
92 | BESENContext,
93 | BESENObjectConsole
94 |
--------------------------------------------------------------------------------
/Core/generics_collections/.gitignore:
--------------------------------------------------------------------------------
1 | *.exe
2 | *.lps
3 | *.bak
4 | *.compiled
5 | *.o
6 | *.ppu
7 | *.rsj
8 |
--------------------------------------------------------------------------------
/Core/generics_collections/README.md:
--------------------------------------------------------------------------------
1 | # generics.collections
2 |
3 | FreePascal Generics.Collections library (TList, TDictionary, THashMap and more...)
4 |
5 | Open FPC bugs related to Generics.* :
6 |
7 | CRITICAL: 26030 25918, 25620, 24283
8 | IMPORTANT: 24097, 24285, 24286 (Similar to? 24285), 24098, 24534, 25614, 26195
9 | OTHER: 26484, 25593, 26181
--------------------------------------------------------------------------------
/Core/generics_collections/fpmake.pp:
--------------------------------------------------------------------------------
1 | {$ifndef ALLPACKAGES}
2 | program fpmake;
3 |
4 | {$mode objfpc}{$h+}
5 |
6 | uses fpmkunit;
7 | {$endif}
8 |
9 | Procedure add_rtl_generics(ADirectory : string);
10 |
11 | Var
12 | P : TPackage;
13 | T : TTarget;
14 |
15 | begin
16 | With Installer do
17 | begin
18 | P:=AddPackage('rtl-generics');
19 | P.ShortName:='rtlg';
20 | P.Author := 'Maciej Izak';
21 | P.License := 'LGPL with modification, ';
22 | P.HomepageURL := 'www.freepascal.org';
23 | P.Email := '';
24 | P.Description := 'Generic collection library.';
25 | P.NeedLibC:= false;
26 | P.OSes := AllOSes-[embedded];
27 | P.Directory:=ADirectory;
28 | P.Version:='3.1.1';
29 | P.Dependencies.Add('rtl-objpas');
30 | P.SourcePath.Add('src');
31 | P.IncludePath.Add('src/inc');
32 | T:=P.Targets.AddUnit('generics.collections.pas');
33 | with T.Dependencies do
34 | begin
35 | AddUnit('generics.memoryexpanders');
36 | AddUnit('generics.defaults');
37 | AddUnit('generics.helpers');
38 | AddUnit('generics.strings');
39 | end;
40 | T:=P.Targets.AddUnit('generics.defaults.pas');
41 | with T.Dependencies do
42 | begin
43 | AddUnit('generics.hashes');
44 | AddUnit('generics.strings');
45 | AddUnit('generics.helpers');
46 | end;
47 | T:=P.Targets.AddUnit('generics.hashes.pas');
48 | T:=P.Targets.AddUnit('generics.helpers.pas');
49 | T:=P.Targets.AddUnit('generics.memoryexpanders.pas');
50 | T:=P.Targets.AddUnit('generics.strings.pas');
51 | // Examples
52 | P.ExamplePath.Add('examples/tarraydouble');
53 | T:=P.Targets.AddExampleProgram('tarrayprojectdouble.lpr');
54 | P.ExamplePath.Add('examples/tarraysingle');
55 | T:=P.Targets.AddExampleProgram('tarrayprojectsingle.lpr');
56 | P.ExamplePath.Add('examples/tcomparer');
57 | T:=P.Targets.AddExampleProgram('tcomparerproject.lpr');
58 | P.ExamplePath.Add('examples/thashmap');
59 | T:=P.Targets.AddExampleProgram('thashmapproject.lpr');
60 | P.ExamplePath.Add('examples/thashmapcaseinsensitive');
61 | T:=P.Targets.AddExampleProgram('thashmapcaseinsensitive.lpr');
62 | P.ExamplePath.Add('examples/thashmapextendedequalitycomparer');
63 | T:=P.Targets.AddExampleProgram('thashmapextendedequalitycomparer.lpr');
64 | P.ExamplePath.Add('examples/tobjectlist');
65 | T:=P.Targets.AddExampleProgram('tobjectlistproject.lpr');
66 | P.ExamplePath.Add('examples/tqueue');
67 | T:=P.Targets.AddExampleProgram('tqueueproject.lpr');
68 | P.ExamplePath.Add('examples/tstack');
69 | T:=P.Targets.AddExampleProgram('tstackproject.lpr');
70 | end;
71 | end;
72 |
73 | {$ifndef ALLPACKAGES}
74 | begin
75 | add_rtl_generics('');
76 | Installer.Run;
77 | end.
78 | {$endif ALLPACKAGES}
79 |
--------------------------------------------------------------------------------
/Core/generics_collections/src/generics.strings.pas:
--------------------------------------------------------------------------------
1 | {
2 | This file is part of the Free Pascal/NewPascal run time library.
3 | Copyright (c) 2014 by Maciej Izak (hnb)
4 | member of the NewPascal development team (http://newpascal.org)
5 |
6 | Copyright(c) 2004-2018 DaThoX
7 |
8 | It contains the generics collections library
9 |
10 | See the file COPYING.FPC, included in this distribution,
11 | for details about the copyright.
12 |
13 | This program is distributed in the hope that it will be useful,
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16 |
17 | **********************************************************************}
18 |
19 | unit Generics.Strings;
20 |
21 | {$mode objfpc}{$H+}
22 |
23 | interface
24 |
25 | resourcestring
26 | SArgumentOutOfRange = 'Argument out of range';
27 | SArgumentNilNode = 'Node is nil';
28 | SDuplicatesNotAllowed = 'Duplicates not allowed in dictionary';
29 | SCollectionInconsistency = 'Collection inconsistency';
30 | SCollectionDuplicate = 'Collection does not allow duplicates';
31 | SDictionaryKeyDoesNotExist = 'Dictionary key does not exist';
32 | SItemNotFound = 'Item not found';
33 |
34 | implementation
35 |
36 | end.
37 |
38 |
--------------------------------------------------------------------------------
/Core/globals.pas:
--------------------------------------------------------------------------------
1 | unit Globals;
2 |
3 | {$mode delphi}
4 |
5 | interface
6 |
7 | uses
8 | Classes, SysUtils, Emu, quickjs, Unicorn_dyn;
9 |
10 |
11 | {
12 | Given a version number MAJOR.MINOR.PATCH, increment the:
13 |
14 | MAJOR version when you make incompatible API changes,
15 | MINOR version when you add functionality in a backwards-compatible manner, and
16 | PATCH version when you make backwards-compatible bug fixes.
17 | }
18 | const
19 | CM_VERSION = 'v0.3.0';
20 |
21 | microseconds : UInt64 = 1000000;
22 |
23 | var
24 | VerboseExcp : Boolean = False;
25 | Verbose : Boolean = False;
26 | VerboseEx : Boolean = False;
27 | VerboseExx : Boolean = False;
28 | Speed : Boolean = False;
29 | ShowASM : Boolean = False;
30 | InterActive : Boolean = False; // TODO .
31 | //============================================================================//
32 | Steps_limit : UInt64 = 4000000; // 0 = unlimited .
33 | Steps : UInt64 = 0;
34 |
35 | Emulator : TEmu;
36 |
37 | rt : JSRuntime = nil;
38 | ctx : JSContext = nil;
39 | JSEmu : JSValue;
40 |
41 | //HOOK_BASE,HOOK_INDEX,HOOK_LIB,HOOK_Fn : UInt64;
42 |
43 | win32 : UnicodeString = '';
44 | win64 : UnicodeString = '';
45 |
46 | JSAPI : AnsiString = '';
47 | ApiSetSchemaPath : UnicodeString = '';
48 |
49 | implementation
50 |
51 | end.
52 |
53 |
--------------------------------------------------------------------------------
/Core/interactive.pas:
--------------------------------------------------------------------------------
1 | unit Interactive;
2 | // TODO .
3 | {$mode delphi}
4 |
5 | interface
6 |
7 | uses
8 | Classes, SysUtils,
9 | Unicorn_dyn , UnicornConst, X86Const;
10 |
11 | implementation
12 |
13 | end.
14 |
15 |
--------------------------------------------------------------------------------
/Core/memmanager.pas:
--------------------------------------------------------------------------------
1 | unit MemManager;
2 |
3 | {$mode delphi}
4 |
5 | interface
6 |
7 | uses
8 | Classes, SysUtils,
9 | Globals,LazUTF8,
10 | Generics.Collections;
11 |
12 | // TODO: this class will handle all Memory in the PE .
13 | // like Alloc new Memory or Free one .. etc .
14 | type
15 | TMemoryManager = Class
16 |
17 | end;
18 |
19 | implementation
20 |
21 | end.
22 |
23 |
--------------------------------------------------------------------------------
/Core/nativehooks.pas:
--------------------------------------------------------------------------------
1 | unit NativeHooks;
2 |
3 | {$mode delphi}
4 |
5 | interface
6 |
7 | uses
8 | Classes, SysUtils, JSEmuObj, FnHook, Emu, math,
9 | Unicorn_dyn , UnicornConst, X86Const, xxHash,
10 | quickjs;
11 |
12 |
13 | procedure InstallNativeHooks();
14 |
15 | implementation
16 | uses
17 | Globals,Utils,TEP_PEB;
18 |
19 | function NtContinue(uc : uc_engine; Address , ret : UInt64 ) : Boolean; stdcall;
20 | var
21 | ExceptionRec : UInt64 = 0;
22 | Context : UInt64 = 0;
23 | ExceptionRecord : EXCEPTION_RECORD_32;
24 | ContextRecord : CONTEXT_32;
25 | begin
26 |
27 | ExceptionRec := pop();
28 | pop(); // Old ESP ..
29 | Context := pop();
30 |
31 | Initialize(ExceptionRecord);
32 | FillByte(ExceptionRecord,SizeOf(ExceptionRecord),0);
33 | Initialize(ContextRecord);
34 | FillByte(ContextRecord,SizeOf(ContextRecord),0);
35 |
36 | Emulator.err := uc_mem_read_(uc,ExceptionRec,@ExceptionRecord,SizeOf(ExceptionRecord));
37 |
38 | Emulator.err := uc_mem_read_(uc,Context,@ContextRecord,SizeOf(ContextRecord));
39 | if Emulator.err <> UC_ERR_OK then
40 | begin
41 | TextColor(LightRed);
42 | Writeln('ZwContinue : Error While Reading ContextRecord');
43 | NormVideo;
44 | halt(0);
45 | end;
46 |
47 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RBP,UC_X86_REG_EBP),@ContextRecord.Ebp);
48 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RSP,UC_X86_REG_ESP),@ContextRecord.Esp);
49 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RIP,UC_X86_REG_EIP),@ContextRecord.Eip);
50 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RDI,UC_X86_REG_EDI),@ContextRecord.Edi);
51 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RSI,UC_X86_REG_ESI),@ContextRecord.Esi);
52 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RBX,UC_X86_REG_EBX),@ContextRecord.Ebx);
53 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RDX,UC_X86_REG_EDX),@ContextRecord.Edx);
54 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RCX,UC_X86_REG_ECX),@ContextRecord.Ecx);
55 | uc_reg_write(uc,ifthen(Emulator.isx64,UC_X86_REG_RAX,UC_X86_REG_EAX),@ContextRecord.Eax);
56 |
57 | Emulator.Flags.FLAGS := ContextRecord.EFlags;
58 | reg_write_x64(uc,UC_X86_REG_EFLAGS,Emulator.Flags.FLAGS);
59 |
60 | if VerboseExcp then
61 | begin
62 | TextColor(LightMagenta);
63 | Writeln(Format('ZwContinue -> Context = 0x%x'#10#13,[Context]));
64 | NormVideo;
65 | end;
66 |
67 | Result := True;
68 | end;
69 |
70 | procedure InstallNativeHooks();
71 | begin
72 | Emulator.Hooks.ByName.AddOrSetValue(xxHash64Calc('ntdll.NtContinue'),THookFunction.Create(
73 | 'ntdll','NtContinue',0,False,@NtContinue,JS_UNDEFINED,JS_UNDEFINED,JS_UNDEFINED));
74 | end;
75 |
76 | end.
77 |
78 |
--------------------------------------------------------------------------------
/Core/pesp/.gitignore:
--------------------------------------------------------------------------------
1 | *.dcu
2 | *.a
3 | *.o
4 | *.rst
5 | *.lps
6 | *.~*~
7 | *.local
8 | *.log
9 | *.identcache
10 | __history
11 | doc
12 | test
13 | fpc
14 | *.drc
15 | *.map
16 | *.exe
17 | *.dll
18 | *.sys
19 | bin/*
20 | *.o
21 | *.obj
22 | *.ppu
23 | *.bak
24 | *.compiled
25 | Win32
26 | Win64
27 | *.vlb
28 | *.tvsconfig
29 | *.zip
30 | bpl
31 | dist
32 |
--------------------------------------------------------------------------------
/Core/pesp/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2015, sa
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | * Redistributions of source code must retain the above copyright notice,
8 | this list of conditions and the following disclaimer.
9 | * Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 | * Neither the name of the developer(s) nor the names of its
13 | contributors may be used to endorse or promote products derived from this
14 | software without specific prior written permission.
15 |
16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 | POSSIBILITY OF SUCH DAMAGE.
27 |
28 |
--------------------------------------------------------------------------------
/Core/pesp/PseCmn.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseCmn;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | const
16 | MAXBYTE = 255;
17 | MAXWORD = 65535;
18 |
19 | type
20 | TPseBitness = (psebUnknown, pseb16, pseb32, pseb64);
21 |
22 | TPseArch = (
23 | pseaARM,
24 | pseaARM64,
25 | pseaMIPS,
26 | pseaX86,
27 | pseaPPC,
28 | pseaSPARC,
29 | pseaSysZ,
30 | pseaXCore,
31 | pseaUnknown
32 | );
33 |
34 | TPseMode = set of (
35 | psemLittleEndian,
36 | psemARM,
37 | psem16,
38 | psem32,
39 | psem64,
40 | psemThumb,
41 | psemMClass,
42 | psemV8,
43 | psemMicro,
44 | psemMips3,
45 | psemMips3R6,
46 | psemMipsGP64,
47 | psemV9,
48 | psemBigEndian
49 | );
50 |
51 | const
52 | BITNESS_STRING: array[TPseBitness] of string = ('Unknown', '16', '32', '64');
53 | ARCH_STRING: array[TPseArch] of string = ('ARM', 'ARM64', 'MIPS', 'x86', 'PowerPC',
54 | 'SPARC', 'SystemZ', 'XCore', 'Unknown');
55 |
56 | implementation
57 |
58 | end.
59 |
--------------------------------------------------------------------------------
/Core/pesp/PseDebugInfo.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseDebugInfo;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | uses
16 | SysUtils, Classes,
17 | {$ifdef FPC}
18 | fgl
19 | {$else}
20 | Generics.Collections
21 | {$endif}
22 | ;
23 |
24 | type
25 | TDebugInfoItem = record
26 | Segment: Word;
27 | Offset: UInt64;
28 | FileName: string;
29 | LineNum: UInt64;
30 | Name: string;
31 | end;
32 | PDebugInfoItem = ^TDebugInfoItem;
33 |
34 | TDebugInfoDict = {$ifdef FPC}TFPGMap{$else}TDictionary{$endif};
35 | TSegments = {$ifdef FPC}TFPGMap{$else}TDictionary{$endif};
36 |
37 | TPseDebugInfo = class
38 | private
39 | FSegments: TSegments;
40 | function GetSegmentDict(const ASeg: Word): TDebugInfoDict;
41 | function GetIsEmpty: boolean;
42 | public
43 | constructor Create;
44 | destructor Destroy; override;
45 |
46 | procedure Add(ADi: TDebugInfoItem);
47 |
48 | property IsEmpty: Boolean read GetIsEmpty;
49 | property SegmentDi[const ASeg: Word]: TDebugInfoDict read GetSegmentDict;
50 | end;
51 |
52 | implementation
53 |
54 | constructor TPseDebugInfo.Create;
55 | begin
56 | inherited Create;
57 | FSegments := TSegments.Create;
58 | end;
59 |
60 | destructor TPseDebugInfo.Destroy;
61 | begin
62 | FSegments.Clear;
63 | FSegments.Free;
64 | inherited;
65 | end;
66 |
67 | function TPseDebugInfo.GetSegmentDict(const ASeg: Word): TDebugInfoDict;
68 | {$ifdef FPC}
69 | var
70 | index: integer;
71 | {$endif}
72 | begin
73 | {$ifdef FPC}
74 | if (FSegments.Find(ASeg, index)) then begin
75 | Result := FSegments.Data[index];
76 | Exit;
77 | end;
78 | {$else}
79 | if FSegments.ContainsKey(ASeg) then begin
80 | if FSegments.TryGetValue(ASeg, Result) then
81 | Exit;
82 | end;
83 | {$endif}
84 | Result := TDebugInfoDict.Create;
85 | FSegments.Add(ASeg, Result);
86 | end;
87 |
88 | function TPseDebugInfo.GetIsEmpty: boolean;
89 | begin
90 | Result := FSegments.Count = 0;
91 | end;
92 |
93 | procedure TPseDebugInfo.Add(ADi: TDebugInfoItem);
94 | var
95 | dict: TDebugInfoDict;
96 | {$ifdef FPC}
97 | index: integer;
98 | {$endif}
99 | begin
100 | dict := GetSegmentDict(ADi.Segment);
101 | {$ifdef FPC}
102 | if (not FSegments.Find(ADi.Offset, index)) then begin
103 | dict.Add(ADi.Offset, ADi);
104 | end;
105 | {$else}
106 | if not dict.ContainsKey(ADi.Offset) then
107 | dict.Add(ADi.Offset, ADi);
108 | {$endif}
109 | end;
110 |
111 | end.
112 |
--------------------------------------------------------------------------------
/Core/pesp/PseElf.pas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/pesp/PseElf.pas
--------------------------------------------------------------------------------
/Core/pesp/PseElfLoader.pas:
--------------------------------------------------------------------------------
1 | unit PseElfLoader;
2 |
3 | interface
4 |
5 | uses
6 | Classes, PseImgLoader, PseSection, PseVirtMem;
7 |
8 | type
9 | TPseElfLoader = class(TPseImgLoader)
10 | private
11 | procedure LoadSection(AMem: TPseVirtMem; ASection: TPseSection);
12 | public
13 | procedure Load(AMem: TPseVirtMem); override;
14 | end;
15 |
16 | implementation
17 |
18 | procedure TPseElfLoader.Load(AMem: TPseVirtMem);
19 | var
20 | i: integer;
21 | begin
22 | for i := 0 to FFile.Sections.Count - 1 do begin
23 | LoadSection(AMem, FFile.Sections[i]);
24 | end;
25 | end;
26 |
27 | procedure TPseElfLoader.LoadSection(AMem: TPseVirtMem; ASection: TPseSection);
28 | var
29 | seg: TPseMemSegment;
30 | flags: TPseMemFlags;
31 | ms: TMemoryStream;
32 | begin
33 | flags := [];
34 | if (saReadable in ASection.Attribs) then
35 | Include(flags, pmfRead);
36 | if (saWriteable in ASection.Attribs) then
37 | Include(flags, pmfWrite);
38 | if (saExecuteable in ASection.Attribs) then
39 | Include(flags, pmfExecute);
40 | if flags <> [] then begin
41 | seg := AMem.CreateSegment(ASection.Name, ASection.Address,
42 | ASection.Size, [pmfWrite]);
43 | ms := TMemoryStream.Create;
44 | try
45 | ASection.SaveToStream(ms);
46 | ms.Position := 0;
47 | seg.Write(ASection.Address, ms.Memory^, ASection.Size);
48 | finally
49 | ms.Free;
50 | end;
51 | seg.Flags := flags;
52 | end;
53 | end;
54 |
55 | end.
56 |
--------------------------------------------------------------------------------
/Core/pesp/PseExportTable.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseExportTable;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | uses
16 | SysUtils, Classes,
17 | {$ifdef FPC}
18 | fgl
19 | {$else}
20 | Generics.Collections
21 | {$endif}
22 | ;
23 |
24 | type
25 | TPseExport = class
26 | private
27 | FName: string;
28 | FOrdinal: integer;
29 | FAddress: UInt64;
30 | public
31 | property Name: string read FName write FName;
32 | property Ordinal: integer read FOrdinal write FOrdinal;
33 | property Address: UInt64 read FAddress write FAddress;
34 | end;
35 |
36 | type
37 | {$ifdef FPC}
38 | TExportList = TFPGList;
39 | {$else}
40 | TExportList = TList;
41 | {$endif}
42 |
43 | TPseExportTable = class(TExportList)
44 | private
45 | FNumNames: integer;
46 | FNumFuncs: integer;
47 | FBase: UInt64;
48 | FName: string;
49 | public
50 | destructor Destroy; override;
51 | procedure Clear;
52 | function New: TPseExport;
53 |
54 | property NumNames: integer read FNumNames write FNumNames;
55 | property NumFuncs: integer read FNumFuncs write FNumFuncs;
56 | property Base: UInt64 read FBase write FBase;
57 | property Name: string read FName write FName;
58 | end;
59 |
60 | implementation
61 |
62 | destructor TPseExportTable.Destroy;
63 | begin
64 | Clear;
65 | inherited;
66 | end;
67 |
68 | procedure TPseExportTable.Clear;
69 | var
70 | i: integer;
71 | begin
72 | for i := 0 to Count - 1 do
73 | Items[i].Free;
74 | inherited;
75 | end;
76 |
77 | function TPseExportTable.New: TPseExport;
78 | begin
79 | Result := TPseExport.Create;
80 | Add(Result);
81 | end;
82 |
83 | end.
84 |
--------------------------------------------------------------------------------
/Core/pesp/PseImgLoader.pas:
--------------------------------------------------------------------------------
1 | unit PseImgLoader;
2 |
3 | {$IFDEF FPC}
4 | {$MODE Delphi}
5 | {$ENDIF}
6 |
7 | interface
8 |
9 | uses
10 | Classes, PseFile, PseVirtMem;
11 |
12 | type
13 | TPseImgLoader = class
14 | protected
15 | FFile: TPseFile;
16 | public
17 | constructor Create(AFile: TPseFile); virtual;
18 | procedure Load(AMem: TPseVirtMem); virtual; abstract;
19 |
20 | class function GetInstance(AFile: TPseFile): TPseImgLoader;
21 | class function LoadFile(AFile: TPseFile; AMem: TPseVirtMem): boolean;
22 | end;
23 |
24 | implementation
25 |
26 | uses
27 | PsePeFile, PsePeLoader, PseElfLoader, PseElfFile;
28 |
29 | class function TPseImgLoader.GetInstance(AFile: TPseFile): TPseImgLoader;
30 | begin
31 | if AFile is TPsePeFile then
32 | Result := TPsePeLoader.Create(AFile)
33 | else if AFile is TPseElfFile then
34 | Result := TPseElfLoader.Create(AFile)
35 | else
36 | Result := nil;
37 | end;
38 |
39 | class function TPseImgLoader.LoadFile(AFile: TPseFile; AMem: TPseVirtMem): boolean;
40 | var
41 | ldr: TPseImgLoader;
42 | begin
43 | ldr := TPseImgLoader.GetInstance(AFile);
44 | if Assigned(ldr) then begin
45 | try
46 | ldr.Load(AMem);
47 | Result := true;
48 | finally
49 | ldr.Free;
50 | end;
51 | end else
52 | Result := false;
53 | end;
54 |
55 | constructor TPseImgLoader.Create(AFile: TPseFile);
56 | begin
57 | inherited Create;
58 | FFile := AFile;
59 | end;
60 |
61 | end.
62 |
--------------------------------------------------------------------------------
/Core/pesp/PseLibFile.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseLibFile;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | uses
16 | SysUtils, Classes, PseFile;
17 |
18 | type
19 | {
20 | COFF archive format: .lib, MinGW .a files.
21 | May (static lib file) or may not (dynamic lib file) the contents of one or
22 | more COFF OBJ files.
23 |
24 | References
25 | Micosoft. Microsoft Portable Executable and Common Object File Format
26 | Specification. Microsoft, February 2013.
27 | }
28 | TLibFile = class(TPseFile)
29 |
30 | end;
31 |
32 | implementation
33 |
34 | initialization
35 | // TSadFile.RegisterFile(TLibFile, 2);
36 |
37 | end.
38 |
--------------------------------------------------------------------------------
/Core/pesp/PseObjFile.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseObjFile;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | uses
16 | SysUtils, Classes, PseFile;
17 |
18 | type
19 | {
20 | COFF OBJ files.
21 | }
22 | TPseObjFile = class(TPseFile)
23 |
24 | end;
25 |
26 | implementation
27 |
28 | initialization
29 | // TSadFile.RegisterFile(TObjFile, 2);
30 |
31 | end.
32 |
--------------------------------------------------------------------------------
/Core/pesp/PsePeLoader.pas:
--------------------------------------------------------------------------------
1 | unit PsePeLoader;
2 |
3 | interface
4 |
5 | uses
6 | Classes, PseImgLoader, PseSection, PseVirtMem;
7 |
8 | type
9 | TPsePeLoader = class(TPseImgLoader)
10 | private
11 | procedure LoadSection(AMem: TPseVirtMem; ASection: TPseSection);
12 | public
13 | procedure Load(AMem: TPseVirtMem); override;
14 | end;
15 |
16 | implementation
17 |
18 | procedure TPsePeLoader.Load(AMem: TPseVirtMem);
19 | var
20 | i: integer;
21 | begin
22 | for i := 0 to FFile.Sections.Count - 1 do begin
23 | LoadSection(AMem, FFile.Sections[i]);
24 | end;
25 | end;
26 |
27 | procedure TPsePeLoader.LoadSection(AMem: TPseVirtMem; ASection: TPseSection);
28 | var
29 | seg: TPseMemSegment;
30 | flags: TPseMemFlags;
31 | ms: TMemoryStream;
32 | begin
33 | flags := [];
34 | if (saReadable in ASection.Attribs) then
35 | Include(flags, pmfRead);
36 | if (saWriteable in ASection.Attribs) then
37 | Include(flags, pmfWrite);
38 | if (saExecuteable in ASection.Attribs) then
39 | Include(flags, pmfExecute);
40 | if flags <> [] then begin
41 | seg := AMem.CreateSegment(ASection.Name, ASection.Address,
42 | ASection.Size, [pmfWrite]);
43 | ms := TMemoryStream.Create;
44 | try
45 | ASection.SaveToStream(ms);
46 | ms.Position := 0;
47 | seg.Write(ASection.Address, ms.Memory^, ASection.Size);
48 | finally
49 | ms.Free;
50 | end;
51 | seg.Flags := flags;
52 | end;
53 | end;
54 |
55 | end.
56 |
--------------------------------------------------------------------------------
/Core/pesp/PseRawFile.pas:
--------------------------------------------------------------------------------
1 | {
2 | Pascal Executable Parser
3 |
4 | by sa, 2014,2015
5 | }
6 |
7 | unit PseRawFile;
8 |
9 | {$IFDEF FPC}
10 | {$MODE Delphi}
11 | {$ENDIF}
12 |
13 | interface
14 |
15 | uses
16 | SysUtils, Classes, PseFile, PseSection, PseCmn;
17 |
18 | type
19 | TPseRawFile = class(TPseFile)
20 | private
21 | protected
22 | public
23 | function LoadFromStream(Stream: TStream): boolean; override;
24 | procedure SaveSectionToStream(const ASection: integer; Stream: TStream); override;
25 | function GetEntryPoint: UInt64; override;
26 | function GetFirstAddr: UInt64; override;
27 | function GetArch: TPseArch; override;
28 | function GetMode: TPseMode; override;
29 | function GetFriendlyName: string; override;
30 | end;
31 |
32 | implementation
33 |
34 | function TPseRawFile.LoadFromStream(Stream: TStream): boolean;
35 | var
36 | sec: TPseSection;
37 | begin
38 | Result := inherited;
39 | FStream.Position := 0;
40 | sec := FSections.New;
41 | sec.Address := 0;
42 | sec.Size := FStream.Size;
43 | sec.FileOffset := 0;
44 | // Assume its code
45 | sec.Attribs := [saCode];
46 | if FFilename <> '' then
47 | sec.Name := ExtractFileName(FFilename)
48 | else
49 | sec.Name := '(No name)';
50 | end;
51 |
52 | function TPseRawFile.GetFirstAddr: UInt64;
53 | begin
54 | Result := 0;
55 | end;
56 |
57 | procedure TPseRawFile.SaveSectionToStream(const ASection: integer; Stream: TStream);
58 | var
59 | sec: TPseSection;
60 | begin
61 | sec := FSections[ASection];
62 | FStream.Position := sec.Address;
63 | Stream.CopyFrom(FStream, sec.Size);
64 | end;
65 |
66 | function TPseRawFile.GetEntryPoint: UInt64;
67 | begin
68 | Result := 0;
69 | end;
70 |
71 | function TPseRawFile.GetArch: TPseArch;
72 | begin
73 | Result := pseaUnknown;
74 | end;
75 |
76 | function TPseRawFile.GetMode: TPseMode;
77 | begin
78 | Result := [];
79 | end;
80 |
81 | function TPseRawFile.GetFriendlyName: string;
82 | begin
83 | Result := 'Raw binary';
84 | end;
85 |
86 | initialization
87 |
88 | end.
89 |
--------------------------------------------------------------------------------
/Core/pesp/pse.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/Core/pesp/pse.res
--------------------------------------------------------------------------------
/Core/struct.inc:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Core/unicorn/M68kConst.pas:
--------------------------------------------------------------------------------
1 | // For Unicorn Engine. AUTO-GENERATED FILE, DO NOT EDIT
2 |
3 | unit M68kConst;
4 |
5 | interface
6 |
7 | const
8 | // M68K registers
9 |
10 | UC_M68K_REG_INVALID = 0;
11 | UC_M68K_REG_A0 = 1;
12 | UC_M68K_REG_A1 = 2;
13 | UC_M68K_REG_A2 = 3;
14 | UC_M68K_REG_A3 = 4;
15 | UC_M68K_REG_A4 = 5;
16 | UC_M68K_REG_A5 = 6;
17 | UC_M68K_REG_A6 = 7;
18 | UC_M68K_REG_A7 = 8;
19 | UC_M68K_REG_D0 = 9;
20 | UC_M68K_REG_D1 = 10;
21 | UC_M68K_REG_D2 = 11;
22 | UC_M68K_REG_D3 = 12;
23 | UC_M68K_REG_D4 = 13;
24 | UC_M68K_REG_D5 = 14;
25 | UC_M68K_REG_D6 = 15;
26 | UC_M68K_REG_D7 = 16;
27 | UC_M68K_REG_SR = 17;
28 | UC_M68K_REG_PC = 18;
29 | UC_M68K_REG_ENDING = 19;
30 |
31 | implementation
32 | end.
--------------------------------------------------------------------------------
/Core/unicorn/SparcConst.pas:
--------------------------------------------------------------------------------
1 | // For Unicorn Engine. AUTO-GENERATED FILE, DO NOT EDIT
2 |
3 | unit SparcConst;
4 |
5 | interface
6 |
7 | const
8 | // SPARC registers
9 |
10 | UC_SPARC_REG_INVALID = 0;
11 | UC_SPARC_REG_F0 = 1;
12 | UC_SPARC_REG_F1 = 2;
13 | UC_SPARC_REG_F2 = 3;
14 | UC_SPARC_REG_F3 = 4;
15 | UC_SPARC_REG_F4 = 5;
16 | UC_SPARC_REG_F5 = 6;
17 | UC_SPARC_REG_F6 = 7;
18 | UC_SPARC_REG_F7 = 8;
19 | UC_SPARC_REG_F8 = 9;
20 | UC_SPARC_REG_F9 = 10;
21 | UC_SPARC_REG_F10 = 11;
22 | UC_SPARC_REG_F11 = 12;
23 | UC_SPARC_REG_F12 = 13;
24 | UC_SPARC_REG_F13 = 14;
25 | UC_SPARC_REG_F14 = 15;
26 | UC_SPARC_REG_F15 = 16;
27 | UC_SPARC_REG_F16 = 17;
28 | UC_SPARC_REG_F17 = 18;
29 | UC_SPARC_REG_F18 = 19;
30 | UC_SPARC_REG_F19 = 20;
31 | UC_SPARC_REG_F20 = 21;
32 | UC_SPARC_REG_F21 = 22;
33 | UC_SPARC_REG_F22 = 23;
34 | UC_SPARC_REG_F23 = 24;
35 | UC_SPARC_REG_F24 = 25;
36 | UC_SPARC_REG_F25 = 26;
37 | UC_SPARC_REG_F26 = 27;
38 | UC_SPARC_REG_F27 = 28;
39 | UC_SPARC_REG_F28 = 29;
40 | UC_SPARC_REG_F29 = 30;
41 | UC_SPARC_REG_F30 = 31;
42 | UC_SPARC_REG_F31 = 32;
43 | UC_SPARC_REG_F32 = 33;
44 | UC_SPARC_REG_F34 = 34;
45 | UC_SPARC_REG_F36 = 35;
46 | UC_SPARC_REG_F38 = 36;
47 | UC_SPARC_REG_F40 = 37;
48 | UC_SPARC_REG_F42 = 38;
49 | UC_SPARC_REG_F44 = 39;
50 | UC_SPARC_REG_F46 = 40;
51 | UC_SPARC_REG_F48 = 41;
52 | UC_SPARC_REG_F50 = 42;
53 | UC_SPARC_REG_F52 = 43;
54 | UC_SPARC_REG_F54 = 44;
55 | UC_SPARC_REG_F56 = 45;
56 | UC_SPARC_REG_F58 = 46;
57 | UC_SPARC_REG_F60 = 47;
58 | UC_SPARC_REG_F62 = 48;
59 | UC_SPARC_REG_FCC0 = 49;
60 | UC_SPARC_REG_FCC1 = 50;
61 | UC_SPARC_REG_FCC2 = 51;
62 | UC_SPARC_REG_FCC3 = 52;
63 | UC_SPARC_REG_G0 = 53;
64 | UC_SPARC_REG_G1 = 54;
65 | UC_SPARC_REG_G2 = 55;
66 | UC_SPARC_REG_G3 = 56;
67 | UC_SPARC_REG_G4 = 57;
68 | UC_SPARC_REG_G5 = 58;
69 | UC_SPARC_REG_G6 = 59;
70 | UC_SPARC_REG_G7 = 60;
71 | UC_SPARC_REG_I0 = 61;
72 | UC_SPARC_REG_I1 = 62;
73 | UC_SPARC_REG_I2 = 63;
74 | UC_SPARC_REG_I3 = 64;
75 | UC_SPARC_REG_I4 = 65;
76 | UC_SPARC_REG_I5 = 66;
77 | UC_SPARC_REG_FP = 67;
78 | UC_SPARC_REG_I7 = 68;
79 | UC_SPARC_REG_ICC = 69;
80 | UC_SPARC_REG_L0 = 70;
81 | UC_SPARC_REG_L1 = 71;
82 | UC_SPARC_REG_L2 = 72;
83 | UC_SPARC_REG_L3 = 73;
84 | UC_SPARC_REG_L4 = 74;
85 | UC_SPARC_REG_L5 = 75;
86 | UC_SPARC_REG_L6 = 76;
87 | UC_SPARC_REG_L7 = 77;
88 | UC_SPARC_REG_O0 = 78;
89 | UC_SPARC_REG_O1 = 79;
90 | UC_SPARC_REG_O2 = 80;
91 | UC_SPARC_REG_O3 = 81;
92 | UC_SPARC_REG_O4 = 82;
93 | UC_SPARC_REG_O5 = 83;
94 | UC_SPARC_REG_SP = 84;
95 | UC_SPARC_REG_O7 = 85;
96 | UC_SPARC_REG_Y = 86;
97 | UC_SPARC_REG_XCC = 87;
98 | UC_SPARC_REG_PC = 88;
99 | UC_SPARC_REG_ENDING = 89;
100 | UC_SPARC_REG_O6 = 84;
101 | UC_SPARC_REG_I6 = 67;
102 |
103 | implementation
104 | end.
--------------------------------------------------------------------------------
/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/logo.png
--------------------------------------------------------------------------------
/samples/AntiDbgx32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/AntiDbgx32.exe
--------------------------------------------------------------------------------
/samples/AntiDbgx32.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/AntiDbgx32.idb
--------------------------------------------------------------------------------
/samples/AntiDbgx64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/AntiDbgx64.exe
--------------------------------------------------------------------------------
/samples/AntiDebugDownloader.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/AntiDebugDownloader.exe
--------------------------------------------------------------------------------
/samples/AntiEmu/blue.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/AntiEmu/blue.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_10L/Lab10-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_10L/Lab10-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_10L/Lab10-01.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_10L/Lab10-01.sys
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_10L/Lab10-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_10L/Lab10-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_10L/Lab10-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_10L/Lab10-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_10L/Lab10-03.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_10L/Lab10-03.sys
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_11L/Lab11-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_11L/Lab11-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_11L/Lab11-02.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_11L/Lab11-02.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_11L/Lab11-02.ini:
--------------------------------------------------------------------------------
1 | CHMMXaL@MV@SD@O@MXRHRCNNJ�BNL
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_11L/Lab11-03.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_11L/Lab11-03.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_11L/Lab11-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_11L/Lab11-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_12L/Lab12-01.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_12L/Lab12-01.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_12L/Lab12-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_12L/Lab12-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_12L/Lab12-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_12L/Lab12-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_12L/Lab12-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_12L/Lab12-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_12L/Lab12-04.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_12L/Lab12-04.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_13L/Lab13-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_13L/Lab13-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_13L/Lab13-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_13L/Lab13-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_13L/Lab13-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_13L/Lab13-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_14L/Lab14-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_14L/Lab14-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_14L/Lab14-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_14L/Lab14-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_14L/Lab14-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_14L/Lab14-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_15L/Lab15-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_15L/Lab15-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_15L/Lab15-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_15L/Lab15-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_15L/Lab15-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_15L/Lab15-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_16L/Lab16-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_16L/Lab16-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_16L/Lab16-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_16L/Lab16-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_16L/Lab16-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_16L/Lab16-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_17L/Lab17-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_17L/Lab17-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_17L/Lab17-02.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_17L/Lab17-02.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_17L/Lab17-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_17L/Lab17-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_17L/findAntiVM.py:
--------------------------------------------------------------------------------
1 | from idautils import *
2 | from idc import *
3 |
4 | heads = Heads(SegStart(ScreenEA()), SegEnd(ScreenEA()))
5 | antiVM = []
6 | for i in heads:
7 | if (GetMnem(i) == "sidt" or GetMnem(i) == "sgdt" or GetMnem(i) == "sldt" or GetMnem(i) == "smsw" or GetMnem(i) == "str" or GetMnem(i) == "in" or GetMnem(i) == "cpuid"):
8 | antiVM.append(i)
9 |
10 | print "Number of potential Anti-VM instructions: %d" % (len(antiVM))
11 |
12 | for i in antiVM:
13 | SetColor(i, CIC_ITEM, 0x0000ff)
14 | Message("Anti-VM: %08x\n" % i)
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_18L/Lab18-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_18L/Lab18-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_18L/Lab18-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_18L/Lab18-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_18L/Lab18-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_18L/Lab18-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_18L/Lab18-04.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_18L/Lab18-04.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_18L/Lab18_05.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_18L/Lab18_05.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_19L/Lab19-01.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_19L/Lab19-01.bin
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_19L/Lab19-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_19L/Lab19-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_19L/Lab19-03.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_19L/Lab19-03.pdf
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_19L/Lab19-03_sc.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_19L/Lab19-03_sc.bin
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_19L/shellcode_launcher.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_19L/shellcode_launcher.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_1L/Lab01-01.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_1L/Lab01-01.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_1L/Lab01-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_1L/Lab01-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_1L/Lab01-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_1L/Lab01-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_1L/Lab01-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_1L/Lab01-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_1L/Lab01-04.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_1L/Lab01-04.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_20L/Lab20-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_20L/Lab20-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_20L/Lab20-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_20L/Lab20-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_20L/Lab20-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_20L/Lab20-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_20L/config.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_20L/config.dat
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_21L/Lab21-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_21L/Lab21-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_21L/Lab21-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_21L/Lab21-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_3L/Lab03-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_3L/Lab03-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_3L/Lab03-02.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_3L/Lab03-02.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_3L/Lab03-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_3L/Lab03-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_3L/Lab03-04.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_3L/Lab03-04.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_5L/Lab05-01.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_5L/Lab05-01.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_5L/Lab05-01.py:
--------------------------------------------------------------------------------
1 | sea = ScreenEA()
2 |
3 | for i in range(0x00,0x50):
4 | b = Byte(sea+i)
5 | decoded_byte = b ^ 0x55
6 | PatchByte(sea+i,decoded_byte)
7 |
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_6L/Lab06-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_6L/Lab06-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_6L/Lab06-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_6L/Lab06-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_6L/Lab06-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_6L/Lab06-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_6L/Lab06-04.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_6L/Lab06-04.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_7L/Lab07-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_7L/Lab07-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_7L/Lab07-03.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_7L/Lab07-03.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_7L/Lab07-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_7L/Lab07-03.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_7L/Lab07_01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_7L/Lab07_01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/DLL1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/DLL1.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/DLL2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/DLL2.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/DLL3.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/DLL3.dll
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/Lab09-01.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/Lab09-01.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/Lab09-02.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/Lab09-02.exe
--------------------------------------------------------------------------------
/samples/BinaryCollection/Chapter_9L/Lab09-03.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/BinaryCollection/Chapter_9L/Lab09-03.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/65535sects.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/65535sects.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/96emptysections.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/96emptysections.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/96workingsections.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/96workingsections.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/appendeddata.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/appendeddata.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/appendedhdr.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/appendedhdr.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/appendedsecttbl.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/appendedsecttbl.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/apphdrW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/apphdrW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/appsectableW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/appsectableW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/aslr-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/aslr-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/aslr.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/aslr.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/bigSoRD.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/bigSoRD.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/bigalign.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/bigalign.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/bigib.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/bigib.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/bigsec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/bigsec.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/bottomsecttbl.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/bottomsecttbl.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/cfgbogus.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/cfgbogus.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/compiled.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/compiled.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/copyright.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/copyright.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ctxt-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ctxt-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ctxt.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ctxt.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_nonnull-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/d_nonnull-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_nonnull.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/d_nonnull.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_resource-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/d_resource-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_resource.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/d_resource.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_tiny-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/d_tiny-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/d_tiny.dll:
--------------------------------------------------------------------------------
1 | MZPE�� * tiny data PE (61 bytes)
2 | ���������������������������
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ddsect.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ddsect.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/debug.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/debug.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/delaycorrupt.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/delaycorrupt.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/delayfake.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/delayfake.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/delayimports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/delayimports.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dep.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dep.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dll-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dll-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dll-dynunicld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dll-dynunicld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dll-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dll-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dll-webdavld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dll-webdavld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dll.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dll.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllbound-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllbound-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllbound-redirld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllbound-redirld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllbound-redirldXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllbound-redirldXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllbound.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllbound.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllbound2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllbound2.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllcfgdup-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllcfgdup-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllcfgdup.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllcfgdup.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllemptyexp-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllemptyexp-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllemptyexp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllemptyexp.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllextep-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllextep-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllextep.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllextep.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfakess-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfakess-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfakess-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfakess-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfakess.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfakess.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfw-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfw-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfw.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfw.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfwloop-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfwloop-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllfwloop.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllfwloop.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllmaxvals-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllmaxvals-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllmaxvals-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllmaxvals-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllmaxvals.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllmaxvals.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnegep-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnegep-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnegep.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnegep.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnoexp-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnoexp-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnoexp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnoexp.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnomain-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnomain-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnomain.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnomain.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnomain2-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnomain2-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnomain2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnomain2.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnoreloc-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnoreloc-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnoreloc.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnoreloc.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnullep-dynld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnullep-dynld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnullep-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnullep-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllnullep.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllnullep.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllord-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllord-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllord.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllord.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllweirdexp-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllweirdexp-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dllweirdexp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dllweirdexp.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dosZMXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dosZMXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dotnet20.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dotnet20.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/driver.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/driver.sys
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dump_imports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dump_imports.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/duphead.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/duphead.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/dupsec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/dupsec.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exceptions.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exceptions.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exe2pe.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exe2pe.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exportobf.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exportobf.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exports_doc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exports_doc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exports_order.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exports_order.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/exportsdata.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/exportsdata.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/fakenet.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/fakenet.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/fakeregs.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/fakeregs.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/fakeregslib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/fakeregslib.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/fakerelocs.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/fakerelocs.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/fixsum.py:
--------------------------------------------------------------------------------
1 | import pefile
2 | import sys
3 |
4 | fn = sys.argv[1]
5 | pe = pefile.PE(fn)
6 | if pe.OPTIONAL_HEADER.CheckSum == 59788: # pefile checksum can't work on 97 bits files, silently expands data to full optionalheader :(
7 | sys.exit()
8 | pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum()
9 | pe.write(fn)
10 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/foldedhdr.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/foldedhdr.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/foldedhdrW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/foldedhdrW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/footer.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/footer.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/gui.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/gui.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/hard_imports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/hard_imports.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/hdrcode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/hdrcode.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/hdrdata.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/hdrdata.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/hiddenappdata1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/hiddenappdata1.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/hiddenappdata2.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/hiddenappdata2.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibkernel.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibkernel.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibkmanual.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibkmanual.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibknoreloc64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibknoreloc64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibnullXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibnullXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibreloc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibreloc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ibrelocW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ibrelocW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/impbyord.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/impbyord.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_apimsW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_apimsW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_badterm.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_badterm.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_bogusIAT.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_bogusIAT.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_corruptedIAT.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_corruptedIAT.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_iatindesc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_iatindesc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_mixed.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_mixed.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_multidesc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_multidesc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_nnIAT.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_nnIAT.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_noext.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_noext.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_noint.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_noint.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_nothunk.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_nothunk.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_relocW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_relocW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_tinyW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_tinyW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_tinyXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_tinyXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_virtdesc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_virtdesc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/imports_vterm.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/imports_vterm.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/importsdotXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/importsdotXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/importshint.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/importshint.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ldrsnaps.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ldrsnaps.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ldrsnaps64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ldrsnaps64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/lfanew_relocW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/lfanew_relocW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/lfanew_relocXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/lfanew_relocXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/lowaldiff.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/lowaldiff.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/lowsubsys.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/lowsubsys.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/manifest.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/manifest.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/manifest_broken.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/manifest_broken.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/manifest_bsod.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/manifest_bsod.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/manyimportsW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/manyimportsW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/maxsecW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/maxsecW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/maxsecXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/maxsecXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/maxsec_lowaligW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/maxsec_lowaligW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/maxvals.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/maxvals.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/memshared-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/memshared-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/memshared.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/memshared.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/mini.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/mini.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/mscoree.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/mscoree.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/multiss.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/multiss.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/multiss.py:
--------------------------------------------------------------------------------
1 | import pefile
2 | pe = pefile.PE("multiss.exe")
3 |
4 | pe.OPTIONAL_HEADER.Subsystem = pefile.SUBSYSTEM_TYPE["IMAGE_SUBSYSTEM_NATIVE"]
5 | pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum()
6 | pe.write("multiss_drv.sys")
7 |
8 | pe.OPTIONAL_HEADER.Subsystem = pefile.SUBSYSTEM_TYPE["IMAGE_SUBSYSTEM_WINDOWS_GUI"]
9 | pe.write("multiss_gui.exe")
10 |
11 | pe.OPTIONAL_HEADER.Subsystem = pefile.SUBSYSTEM_TYPE["IMAGE_SUBSYSTEM_WINDOWS_CUI"]
12 | pe.write("multiss_con.exe")
13 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/multiss_con.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/multiss_con.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/multiss_drv.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/multiss_drv.sys
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/multiss_gui.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/multiss_gui.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/mz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/mz.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/namedresource.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/namedresource.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/no0code.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/no0code.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/no_dd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/no_dd.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/no_dd64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/no_dd64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/no_dep.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/no_dep.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/no_seh.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/no_seh.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/normal.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/normal.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/normal64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/normal64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nosectionW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nosectionW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nosectionXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nosectionXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nothing-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nothing-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nothing.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nothing.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nullEP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nullEP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nullSOH-XP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nullSOH-XP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/nullvirt.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/nullvirt.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ownexports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ownexports.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ownexports2.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ownexports2.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ownexportsdot.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ownexportsdot.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/pdf.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/pdf.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/pdf_zip_pe.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/pdf_zip_pe.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/quine.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/quine.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reloc4.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reloc4.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reloc9.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reloc9.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/relocOSdet.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/relocOSdet.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reloccrypt.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reloccrypt.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reloccryptW8.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reloccryptW8.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reloccryptXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reloccryptXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/relocsstripped.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/relocsstripped.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/relocsstripped64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/relocsstripped64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/reshdr.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/reshdr.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/resource.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/resource.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/resource2.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/resource2.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/resource_icon.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/resource_icon.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/resource_string.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/resource_string.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/resourceloop.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/resourceloop.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/safeseh.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/safeseh.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/safeseh_fly.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/safeseh_fly.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/sc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/sc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/secinsec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/secinsec.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/seh_change64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/seh_change64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/shuffledsect.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/shuffledsect.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/signature.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/signature.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/skippeddynbase.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/skippeddynbase.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/slackspace.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/slackspace.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ss63.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ss63.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/ss63nocookie.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/ss63nocookie.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/standard.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/standard.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testW7-32.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo 32b specific:
3 | echo tinyW7.exe:& tinyW7.exe
4 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testW7-32.txt:
--------------------------------------------------------------------------------
1 | 32b specific:
2 | tinyW7.exe:
3 | * tiny 252 bytes PE (W7 32b only)
4 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testW7-64.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo Low alignments:
3 | echo tinyW7_3264.exe:& tinyW7_3264.exe
4 | echo maxsec_lowaligW7.exe:& maxsec_lowaligW7.exe
5 | echo nosectionW7.exe:& nosectionW7.exe
6 | echo maxsecW7.exe:& maxsecW7.exe
7 | echo 65535sects.exe:& 65535sects.exe
8 | echo appsectableW7.exe:& appsectableW7.exe
9 | echo apphdrW7.exe:& apphdrW7.exe
10 | echo foldedhdrW7.exe:& foldedhdrW7.exe
11 | echo manyimportsW7.exe:& manyimportsW7.exe
12 | echo imports_apimsW7.exe:& imports_apimsW7.exe
13 | echo imports_tinyW7.exe:& imports_tinyW7.exe
14 | echo lfanew_relocW7.exe:& lfanew_relocW7.exe
15 | echo.
16 | echo 64b specific:
17 | echo normal64.exe:& normal64.exe
18 | echo ibknoreloc64.exe:& ibknoreloc64.exe
19 | echo tls64.exe:& tls64.exe
20 | echo no_dd64.exe:& no_dd64.exe
21 | echo relocsstripped64.exe:& relocsstripped64.exe
22 | echo seh_change64.exe:& seh_change64.exe
23 | echo exceptions.exe:& exceptions.exe
24 | echo ldrsnaps64.exe:& ldrsnaps64.exe
25 | echo tinyW7x64.exe:& tinyW7x64.exe
26 | echo.
27 | echo OS Specific:
28 | echo tls_aoiOSDET.exe:& tls_aoiOSDET.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testW7-64.txt:
--------------------------------------------------------------------------------
1 | Low alignments:
2 | tinyW7_3264.exe:
3 | * tiny 268 bytes PE32 (W7 32b/64b)
4 | maxsec_lowaligW7.exe:
5 | * Low alignment PE with 6666 sections (W7)
6 | nosectionW7.exe:
7 | * Low alignment PE with no section (W7)
8 | maxsecW7.exe:
9 | * PE with 8192 code sections (W7)
10 | 65535sects.exe:
11 | * 65535 physically identical, virtually executed sections
12 | appsectableW7.exe:
13 | * section table in appended data (W7)
14 | apphdrW7.exe:
15 | * NT headers in appended data (W7)
16 | foldedhdrW7.exe:
17 | * PE header overwritten on loading (W7)
18 | manyimportsW7.exe:
19 | * many fake imports, ignored by terminator set by TLS AoI (W7)
20 | imports_apimsW7.exe:
21 | * api-ms-* redirection (Windows7)
22 | imports_tinyW7.exe:
23 | * tiny imports (W7)
24 | lfanew_relocW7.exe:
25 | * relocated e_lfanew with dual PE headers and split DataDirectories
26 |
27 | 64b specific:
28 | normal64.exe:
29 | * a standard PE32+ (imports, standard alignments)
30 | ibknoreloc64.exe:
31 | * kernel IB + RIP-relative code (PE32+)
32 | tls64.exe:
33 | - callback called
34 | * a standard PE32+ with TLS
35 | no_dd64.exe:
36 | * a PE32+ with no data directory, resolving imports manually
37 | relocsstripped64.exe:
38 | * a PE32+ using relocations, even if RELOCS_STRIPPED is set (Delta: 0bc908d949e940000h)
39 | seh_change64.exe:
40 | * a 64b PE with an exception handler address modified on the fly
41 | exceptions.exe:
42 | * a 64b PE making use of an Exception DataDirectory
43 | ldrsnaps64.exe:
44 | * a PE32+ enabling LoaderSnaps via its LoadConfig DataDirectory (GlobalFlags: 00000402)
45 | tinyW7x64.exe:
46 | * tiny 268 bytes PE32+ (W7 64b only)
47 |
48 | OS Specific:
49 | tls_aoiOSDET.exe:
50 | * TLS AoI => W7
51 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testW8.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo miniw8.exe:& miniw8.exe
3 | echo reloccryptW8.exe:& reloccryptW8.exe
4 | echo importsdotXP.exe:& importsdotXP.exe
5 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testXP.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo ibreloc.exe:& ibreloc.exe
3 | echo ibnullXP.exe:& ibnullXP.exe
4 | echo dllbound-redirldXP.exe:& dllbound-redirldXP.exe
5 | echo.
6 | echo Low alignments:
7 | echo nosectionXP.exe:& nosectionXP.exe
8 | echo virtsectblXP.exe:& virtsectblXP.exe
9 | echo nullSOH-XP.exe:& nullSOH-XP.exe
10 | echo maxsecXP.exe:& maxsecXP.exe
11 | echo.
12 | echo misc:
13 | echo tinydllXP-ld.exe:& tinydllXP-ld.exe
14 | echo reloccryptXP.exe:& reloccryptXP.exe
15 | echo imports_tinyXP.exe:& imports_tinyXP.exe
16 | echo multiss_con.exe:& multiss_con.exe
17 | echo nothing-ld.exe:& nothing-ld.exe
18 | echo lfanew_relocXP.exe:& lfanew_relocXP.exe
19 | echo virtrelocXP.exe:& virtrelocXP.exe
20 | echo importsdotXP.exe:& importsdotXP.exe
21 | echo.
22 | echo DOS:
23 | echo dosZMXP.exe:& dosZMXP.exe
24 | echo.
25 | echo OS Specific:
26 | echo tls_aoiOSDET.exe:& tls_aoiOSDET.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/testxp.txt:
--------------------------------------------------------------------------------
1 | ibreloc.exe:
2 | * relocated ImageBase (only affects EntryPoint)
3 | ibnullXP.exe:
4 | * null IMAGEBASE with relocations (XP only)
5 | dllbound-redirldXP.exe:
6 | * export of an unexpected DLL called (corrupted bound imports)
7 |
8 | Low alignments:
9 | nosectionXP.exe:
10 | * Low alignment PE with no section (XP)
11 | virtsectblXP.exe:
12 | * Low alignment PE with a virtual section table (XP)
13 | nullSOH-XP.exe:
14 | * Low alignment PE with a null SizeOfOptionalHeader (XP)
15 | maxsecXP.exe:
16 | * Low alignment PE with 96 fake sections (XP)
17 |
18 | misc:
19 | tinydllXP-ld.exe:
20 | * dynamically loading minimal 97 bytes DLL
21 | # dll loaded
22 | reloccryptXP.exe:
23 | * decryption via relocations (from null imagebase, XP only)
24 | imports_tinyXP.exe:
25 | * tiny imports
26 | multiss_con.exe:
27 | * multisystem PE (console)nothing-ld.exe:
28 | lfanew_relocXP.exe:
29 | * relocated e_lfanew with dual (+unused) PE headers and DataDirectory (XP)
30 | virtrelocXP.exe:
31 | * (LA+manual reloc) fake virtual relocs (XP)
32 | importsdotXP.exe:
33 | * a PE using trailing dots in its imports (XP only)
34 |
35 | DOS:
36 | dosZMXP.exe:
37 | * EXE with ZM signature
38 |
39 | OS Specific:
40 | tls_aoiOSDET.exe:
41 | * TLS AoI => XP
42 |
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tiny.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tiny.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinyW7.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinyW7.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinyW7_3264.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinyW7_3264.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinyW7x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinyW7x64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinyXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinyXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinydll-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinydll-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinydll.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinydll.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinydllXP-ld.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinydllXP-ld.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinydllXP.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinydllXP.dll
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinydrivXP.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinydrivXP.sys
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinygui.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinygui.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tinynet.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tinynet.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls64.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_aoi.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_aoi.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_aoiOSDET.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_aoiOSDET.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_exiting.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_exiting.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_import.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_import.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_k32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_k32.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_noEP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_noEP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_obfuscation.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_obfuscation.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_onthefly.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_onthefly.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_reloc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_reloc.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/tls_virtEP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/tls_virtEP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/truncatedlast.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/truncatedlast.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/truncsectbl.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/truncsectbl.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/version_cust.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/version_cust.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/version_mini.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/version_mini.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/version_std.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/version_std.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/virtEP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/virtEP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/virtgap.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/virtgap.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/virtrelocXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/virtrelocXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/virtsectblXP.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/virtsectblXP.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/weirdsord.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/weirdsord.exe
--------------------------------------------------------------------------------
/samples/Corkami_tests/bin/winver.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Corkami_tests/bin/winver.exe
--------------------------------------------------------------------------------
/samples/Downloader.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Downloader.exe
--------------------------------------------------------------------------------
/samples/Int3Hook.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Int3Hook.exe
--------------------------------------------------------------------------------
/samples/MessageBox_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/MessageBox_x64.exe
--------------------------------------------------------------------------------
/samples/PEB_MSGBOX.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/PEB_MSGBOX.exe
--------------------------------------------------------------------------------
/samples/Shellcodes/MsgBox64.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/MsgBox64.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/URLDownloadToFile.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/URLDownloadToFile.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/Wincalc.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/Wincalc.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/ZUrlDownloadToFile.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/ZUrlDownloadToFile.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/down_exec64.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/down_exec64.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/UnhandledExceptionFilter.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/UnhandledExceptionFilter.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/UrlDownloadToFile.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/UrlDownloadToFile.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/alloc_hook_patch.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/alloc_hook_patch.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/calc.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/calc.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/codbot.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/codbot.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/countdown.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/countdown.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/dropz.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/dropz.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/getpc_1.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/getpc_1.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/getpc_2.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/getpc_2.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/msgbox.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/msgbox.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/msgbox2.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/msgbox2.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/pop_XXXX.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/pop_XXXX.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/recv_cmd.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/recv_cmd.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/recvfile.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/recvfile.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/seh_winexec.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/seh_winexec.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/shellexec.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/shellexec.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/tftp.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/tftp.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/sc_samples/vncdll.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/sc_samples/vncdll.sc
--------------------------------------------------------------------------------
/samples/Shellcodes/tm.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/Shellcodes/tm.sc
--------------------------------------------------------------------------------
/samples/case.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/case.exe
--------------------------------------------------------------------------------
/samples/case_packed_fsg.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/case_packed_fsg.exe
--------------------------------------------------------------------------------
/samples/cpuid.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/cpuid.exe
--------------------------------------------------------------------------------
/samples/dropper.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/dropper.exe
--------------------------------------------------------------------------------
/samples/mal.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/mal.exe
--------------------------------------------------------------------------------
/samples/malxx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/malxx.exe
--------------------------------------------------------------------------------
/samples/obfuscated/obfuscated.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/obfuscated/obfuscated.exe
--------------------------------------------------------------------------------
/samples/obfuscated/original.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/obfuscated/original.exe
--------------------------------------------------------------------------------
/samples/obfuscated/readme.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/obfuscated/readme.txt
--------------------------------------------------------------------------------
/samples/obfuscated/source.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/obfuscated/source.asm
--------------------------------------------------------------------------------
/samples/obfuscated/w00t.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/obfuscated/w00t.exe
--------------------------------------------------------------------------------
/samples/real/ArtraDownloader:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/real/ArtraDownloader
--------------------------------------------------------------------------------
/samples/small.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/small.exe
--------------------------------------------------------------------------------
/samples/url.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Coldzer0/Cmulator/3b9fbb31ed78d3d7870e36e5f9d45845b15f5c56/samples/url.exe
--------------------------------------------------------------------------------