scripts_for_RE

Python scripts for reverse engineering.

create_suspended_process.py

Launches a suspended process.

mem2file.py

Modifies the give raw PE memory dump file to load it with IDA properly.

load_IAT.py

(IDA Only) Loads an output of a 'dps' command and apply it to the IDB file.

parse_x64_SEH.py

(IDA Only) Locates SEH try blocks, exception filters and handlers for x64 Windows.

parse_ARM_SEH.py

(IDA Only) Locates SEH try blocks, exception filters and handlers for Windows RT.

merge_functions.py

(IDA Only) Merges a given function with the next function.

visualize_binary.py

Generates a PNG image file that represents the contents of a specified file.

apply_all_signatures.py

(IDA Only) Applies all FLIRT signatures in a /sig directory.

color_as_default.py

(IDA Only) Changes all instructions color to default.

find_ARMB_prologue.py

(IDA Only) Finds function-prologue-like byte sequences for ARMB.

highlight_all_CALLs.py

(IDA Only) Highlights all function call instructions in a given binary file.

show_SEH_chain.py

(IDA Only) Shows SEH chains (stack and handlers) for all threads.

rotate.py

Provides _ROR4_, _ROR8_, _ROL4_ and _ROL8_ functions.

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
README.md		README.md
apply_all_signatures.py		apply_all_signatures.py
color_as_default.py		color_as_default.py
create_suspended_process.py		create_suspended_process.py
find_ARMB_prologue.py		find_ARMB_prologue.py
highlight_all_CALLs.py		highlight_all_CALLs.py
load_IAT.py		load_IAT.py
mem2file.py		mem2file.py
merge_functions.py		merge_functions.py
parse_ARM_SEH.py		parse_ARM_SEH.py
parse_x64_SEH.py		parse_x64_SEH.py
rotate.py		rotate.py
show_SEH_chain.py		show_SEH_chain.py
visualize_binary.py		visualize_binary.py

tandasat/scripts_for_RE

Folders and files

Latest commit

History

Repository files navigation