├── .gitignore ├── LICENSE ├── MSDN_crawler ├── extract_til_constant_info.py └── msdn_crawler.py ├── README.md ├── code_grafter ├── README.md └── function_replacements.c ├── decompiler_scripts ├── find_get_proc_address.py └── stack_strings_helper.py ├── examples ├── argtracker_example1.py └── argtracker_example2.py ├── plugins ├── apply_callee_type_plugin.py ├── shellcode_hashes_search_plugin.py ├── stackstrings_plugin.py └── struct_typer_plugin.py ├── python └── flare │ ├── IDB_MSDN_Annotator │ ├── __init__.py │ ├── img │ │ ├── 0-0-0.png │ │ ├── 0-0-1.png │ │ ├── 0-1-0.png │ │ ├── 0-1-1.png │ │ ├── 1-0-0.png │ │ ├── 1-0-1.png │ │ ├── 1-1-0.png │ │ └── 1-1-1.png │ └── xml_parser.py │ ├── __init__.py │ ├── annotate_IDB_MSDN.py │ ├── apply_callee_type.py │ ├── apply_callee_type_widget.py │ ├── argtracker.py │ ├── code_grafter.py │ ├── idb2pat.py │ ├── ironstrings │ ├── README.md │ ├── ironstrings.py │ └── strings.py │ ├── jayutils.py │ ├── mykutils.py │ ├── objc2_analyzer.py │ ├── objc2_xrefs_helper.py │ ├── revil_string_decrypt.py │ ├── seghelper.py │ ├── shellcode_hash_search.py │ ├── shellcode_widget.py │ ├── shellcodechooser.py │ ├── stackstrings.py │ ├── struct_typer.py │ ├── struct_typer_widget.py │ └── ui │ ├── apply_callee_dialog.ui │ ├── shellcodechooser.ui │ └── struct_typer_widget.ui └── shellcode_hashes ├── README.md ├── make_sc_hash_db.py └── sc_hashes.db /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/LICENSE -------------------------------------------------------------------------------- /MSDN_crawler/extract_til_constant_info.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/MSDN_crawler/extract_til_constant_info.py -------------------------------------------------------------------------------- /MSDN_crawler/msdn_crawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/MSDN_crawler/msdn_crawler.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/README.md -------------------------------------------------------------------------------- /code_grafter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/code_grafter/README.md -------------------------------------------------------------------------------- /code_grafter/function_replacements.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/code_grafter/function_replacements.c -------------------------------------------------------------------------------- /decompiler_scripts/find_get_proc_address.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/decompiler_scripts/find_get_proc_address.py -------------------------------------------------------------------------------- /decompiler_scripts/stack_strings_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/decompiler_scripts/stack_strings_helper.py -------------------------------------------------------------------------------- /examples/argtracker_example1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/examples/argtracker_example1.py -------------------------------------------------------------------------------- /examples/argtracker_example2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/examples/argtracker_example2.py -------------------------------------------------------------------------------- /plugins/apply_callee_type_plugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/plugins/apply_callee_type_plugin.py -------------------------------------------------------------------------------- /plugins/shellcode_hashes_search_plugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/plugins/shellcode_hashes_search_plugin.py -------------------------------------------------------------------------------- /plugins/stackstrings_plugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/plugins/stackstrings_plugin.py -------------------------------------------------------------------------------- /plugins/struct_typer_plugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/plugins/struct_typer_plugin.py -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/__init__.py -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/0-0-0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/0-0-0.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/0-0-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/0-0-1.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/0-1-0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/0-1-0.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/0-1-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/0-1-1.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/1-0-0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/1-0-0.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/1-0-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/1-0-1.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/1-1-0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/1-1-0.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/img/1-1-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/img/1-1-1.png -------------------------------------------------------------------------------- /python/flare/IDB_MSDN_Annotator/xml_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/IDB_MSDN_Annotator/xml_parser.py -------------------------------------------------------------------------------- /python/flare/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /python/flare/annotate_IDB_MSDN.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/annotate_IDB_MSDN.py -------------------------------------------------------------------------------- /python/flare/apply_callee_type.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/apply_callee_type.py -------------------------------------------------------------------------------- /python/flare/apply_callee_type_widget.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/apply_callee_type_widget.py -------------------------------------------------------------------------------- /python/flare/argtracker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/argtracker.py -------------------------------------------------------------------------------- /python/flare/code_grafter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/code_grafter.py -------------------------------------------------------------------------------- /python/flare/idb2pat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/idb2pat.py -------------------------------------------------------------------------------- /python/flare/ironstrings/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ironstrings/README.md -------------------------------------------------------------------------------- /python/flare/ironstrings/ironstrings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ironstrings/ironstrings.py -------------------------------------------------------------------------------- /python/flare/ironstrings/strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ironstrings/strings.py -------------------------------------------------------------------------------- /python/flare/jayutils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/jayutils.py -------------------------------------------------------------------------------- /python/flare/mykutils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/mykutils.py -------------------------------------------------------------------------------- /python/flare/objc2_analyzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/objc2_analyzer.py -------------------------------------------------------------------------------- /python/flare/objc2_xrefs_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/objc2_xrefs_helper.py -------------------------------------------------------------------------------- /python/flare/revil_string_decrypt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/revil_string_decrypt.py -------------------------------------------------------------------------------- /python/flare/seghelper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/seghelper.py -------------------------------------------------------------------------------- /python/flare/shellcode_hash_search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/shellcode_hash_search.py -------------------------------------------------------------------------------- /python/flare/shellcode_widget.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/shellcode_widget.py -------------------------------------------------------------------------------- /python/flare/shellcodechooser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/shellcodechooser.py -------------------------------------------------------------------------------- /python/flare/stackstrings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/stackstrings.py -------------------------------------------------------------------------------- /python/flare/struct_typer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/struct_typer.py -------------------------------------------------------------------------------- /python/flare/struct_typer_widget.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/struct_typer_widget.py -------------------------------------------------------------------------------- /python/flare/ui/apply_callee_dialog.ui: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ui/apply_callee_dialog.ui -------------------------------------------------------------------------------- /python/flare/ui/shellcodechooser.ui: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ui/shellcodechooser.ui -------------------------------------------------------------------------------- /python/flare/ui/struct_typer_widget.ui: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/python/flare/ui/struct_typer_widget.ui -------------------------------------------------------------------------------- /shellcode_hashes/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/shellcode_hashes/README.md -------------------------------------------------------------------------------- /shellcode_hashes/make_sc_hash_db.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/shellcode_hashes/make_sc_hash_db.py -------------------------------------------------------------------------------- /shellcode_hashes/sc_hashes.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-ida/HEAD/shellcode_hashes/sc_hashes.db --------------------------------------------------------------------------------