I am currently looking for cool & interesting university or college courses. If you have any information, feel free to contact me.


Archive for August, 2007

17 Aug

Finding Easter Eggs for fun but not for profit :P!

Windows

Only the most skilled ninjas are able to find easter eggs… Even Alice needed to follow the rabbit to find them… “We are all mad here!” hihi
O.S. Version: Windows 2003 SP1 Checked only
Module: diskdump.sys

; Exported entry 10. ScsiPortGetPhysicalAddress
; SCSI_PHYSICAL_ADDRESS __stdcall ScsiPortGetPhysicalAddress
; (PVOID HwDeviceExtension,
;  PSCSI_REQUEST_BLOCK Srb,
;  PVOID VirtualAddress,
;  ULONG *Length)

_ScsiPortGetPhysicalAddress@16: ; CODE XREF: StorPortGetPhysicalAddress(x,x,x,x)
[…]

14 Aug

Patchguard 3.0 ? :)

Blogging, Windows

http://www.microsoft.com/technet/security/advisory/932596.mspx
Microsoft Security Advisory (932596)
Update to Improve Kernel Patch Protection
Published: August 14, 2007
An update is available for Kernel Patch Protection included with x64-based Windows operating systems. Kernel Patch Protection protects code and critical structures in the Windows kernel from modification by unknown code or data. This update adds additional checks to this protection for increased reliability, […]

14 Aug

Waldo!!

Blogging, Windows

As I explained in a previous post (here), there are some funny programmers in Redmond who like to put hidden strings into their code.
The following sample is from the Windows 2000 kernel.
.text:004054A0 94 7F 00 C0 4F B9 60 EE 66 19 14 06 45 72 69 63 Eric
.text:004054B0 46 2E 4E 65 6C […]

04 Aug

Some useful commands (Memento)

Debugging, Windows

If you ever want to fill a buffer (here the size is 0x10000 bytes) with null bytes and then write a string into it, the script below does it.
Don't forget the "a" between ">" and "<" when invoking the script:
kd> $$>a< "FULL_SCRIPT_PATH" BASE_ADDRESS

$$
$$ Matthieu Suiche 08/2007
$$ http://www.msuiche.net
$$

$$ Only run if the first argument (the base address) was actually supplied.
.if (${/d:$arg1})
{
$$ Fill 0x10000 bytes starting at the base address with zeros.
f ${$arg1} L10000 0

$$ Write an ASCII string at the base address.
ea ${$arg1} "I'm a fucking string !!!! test […]

03 Aug

First steps with WinDbg scripting… (Memento)

Debugging, Windows

Here is a sample WinDbg script for people who don't want to waste time because they can't find any documentation.
First, to set a variable you must use the "r" command; moreover, the name must be of the form $t[0..n].
Second, if you use the "/D" flag after ".printf" you can use pseudo-HTML code inside the format string.
Third, to read the […]