Unmap PE Manually

Prerequisites
  Make sure that you have dumped the binary from memory (optionally)
  Fix PE headers if necessary
Unmap with PE-bear
  Open PE-bear > Sections > Section Headers
  Make sure that VA and VS match RA and RS, so:
    RA[i] = VA[i]
    RS[i] = RA[i+1] - RA[i]
    RS.reloc = 0
    VS[i] = RS[i]
  If you see some red blocks it means that the PE is probably misaligned, check: Fix misaligned sections
...

January 25, 2020 · trib0r3

Disable Aslr

Linux
  echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
radare2
  # disable ASLR & reanalyse
  dor aslr=no
  aaa
Windows
  Windows 7
    Open RegEdit
    Go to: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    Create a new value (not a key): MoveImages with value 0.
    Reboot.
  Windows 10
    Disable ASLR per file
      Set-ProcessMitigation -Name name.exe -Disable ForceRelocateImages
    Disable ASLR by default
      Search in Windows for: “Windows Defender Security Center”
      Click on the second icon from the bottom: “App & browser control”
      Scroll to the bottom and click on: “Exploit protection settings”
      Set “Force randomization for images” to OFF.
      Reboot
References
  Disable ASLR for Easier Malware Debugging With x64dbg and IDA Pro Gist
  Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro (OALabs Quick Tip) : ReverseEngineering

January 18, 2020 · trib0r3

Keep Your Notes Organized (bear2mdtree demo)

Journey of finding the ideal note-taking app
TL;DR: If you want to transfer your Bear notes to markdown, go to Move your bear notes; if you want to emulate Bear multi-tagging, check Multitagging support.
Once upon a time I was using Bear.app for writing and organizing notes. It had really good features like multi-tagging and a couple of other nice features like pseudo-markdown support. Unfortunately a lot of things were bugged and the developers were slow in fixing them, so I decided to move my notes from Bear to another platform. ...

January 18, 2020 · trib0r3

C++ assembly

Structures
  C struct vs C++ class
  C struct
    Functions are loosely correlated with parameters; parameters are usually passed via pointer. It may look like an array for a struct with 2 identical parameters. For structures created dynamically, look for malloc with a non-usual size.
  C++ class
    Find the constructor; it always has 1 argument (this pointer -> thiscall). The main() function has an initialization function __main with ctor initializers. After creation of the class with the new operator, the class constructor is called (can be empty). Methods are called with the thiscall convention.
  Inheritance
    Constructors of the base class are called 1st in the child class; additionally, assignment to variables in the class definition is put inside the constructor: ...

January 11, 2020 · trib0r3