The project is split into several parts:
- The kernel driver, with simple 3D command forwarding and 3D resource allocation
- The userland driver, in fact the OpenGL backend
- The reference, explaining virtio-gpu commands
heruix
heruix
/ ida2to3.py
Created
November 15, 2019 23:00
— forked from WanderingGlitch/ida2to3.py
IDA 2to3 fixers to help move from the newer APIs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ''' | |
| This has some pretty gross hacks in it | |
| But gives a general idea what it is like to write a 2to3 fixer | |
| Basically run like this: | |
| ida2to3.py /path/to/your/script /path/to/idc_bc695.py | |
| Give it a once over to make sure it didn't break too much, then: |
heruix
/ readme.md
Created
April 7, 2019 13:18
— forked from Keenuts/readme.md
GSoC 2017 | Virgl Windows Driver
heruix
/ README.md
Created
April 23, 2018 22:57
— forked from jthuraisamy/README.md
PyExZ3 Example with HackSysExtremeVulnerableDriver
TL;DR: Using symbolic execution to recover driver IOCTL codes that are computed at runtime.
The goal here is to find valid IOCTL codes for the HackSysExtremeVulnerableDriver by analyzing the binary. The control flow varies between the binary and source due to compiler optimizations. This results in a situation where only a few IOCTL codes in the assembly are represented as a constant with the remaining being computed at runtime.
The code in hevd_ioctl.py is a approximation of the control flow of the compiled IrpDeviceIoCtlHandler function. The effects of the compiler optimization are more pronounced when comparing this code to the original C function. To comply with requirements of the PyExZ3 module, the target function is named after the script's filename, and the `ex
heruix
/ spectre.c
Created
January 7, 2018 07:51
— forked from ErikAugust/spectre.c
Spectre example code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
heruix
/ Wannacrypt0r-FACTSHEET.md
Created
May 14, 2017 13:45
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
heruix
/ Wannacrypt0r-FACTSHEET.md
Created
May 14, 2017 13:45
— forked from rain-1/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
SECURITY BULLETIN AND UPDATES HERE: h
heruix
/ nasm.targets
Created
April 19, 2017 08:46
— forked from zhaozg/nasm.targets
nasm.targets for visualstudio 2012
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <ItemGroup> | |
| <PropertyPageSchema | |
| Include="$(MSBuildThisFileDirectory)$(MSBuildThisFileName).xml" /> | |
| <AvailableItemName Include="NASM"> | |
| <Targets>_NASM</Targets> | |
| </AvailableItemName> | |
| </ItemGroup> | |
| <PropertyGroup> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <linux/kernel.h> | |
| #include <linux/init.h> | |
| #include <linux/module.h> | |
| #include <linux/fs.h> | |
| #include <linux/blkdev.h> | |
| #include <linux/cdev.h> | |
| #include <linux/kthread.h> | |
| #include <linux/interrupt.h> | |
| #include <linux/bio.h> | |
| #include <linux/blkdev.h> |