Sometimes I like to write code... and sometimes I share that code... other times, I don't.
MALWARE
[2008.04.24]
Kraken Wireshark Dissector -- This Wireshark plugin can be used to decode Kraken traffic either in real time or from saved pcap files. The source code is included for those who wish to rebuild the plugin from scratch. If you wish to expand the plugin, please feel free. The plugin was designed in such a way that individual types can be expanded upon with custom decoders while the rest of the plugin allows for generic decoding.
CHICKEN
[2008.03.09]
Chicken Symbol Labeler -- This script will ask the user for the location of the C_toplevel function and then proceed to create the variable names for each symbol it finds of type C_string and C_h_intern. This can save you hours of manual work when grooming your CHICKEN database.
[2008.03.09]
Chicken Structure and Enum Constructor -- This script will construct the SCHEME_BLOCK structures (of type C_CLOSURE|1 through C_CLOSURE|0xF) and common enums used by CHICKEN apps.
[2008.03.11]
Label Relative Offsets -- This script will label each relative offset in a function with the real address (or label, if defined). Whenever a program is compiled such that all variables are referenced as [reg+offset] where reg is a product of the function's position in memory, manually calculating each variable address can be burdensome. This script fixes that.