Waldo!!
Blogging, WindowsAs I explained in a previous post (Here). There are some funny programmers in Redmond who like to put some hidden strings.
The following sample is from Windows 2000 Kernel.
.text:004054A0 94 7F 00 C0 4F B9 60 EE 66 19 14 06 45 72 69 63 Eric
.text:004054B0 46 2E 4E 65 6C 73 6F 6E DE B0 FE 50 6A 59 D2 11 F.Nelson
But who is Eric. F. Nelson? :)
Moreover, in NtSetVolumeInformationFile() a guy named Jess put his fingerprint too :p
PAGE:004D71BD mov esi, offset KernelConspiration PAGE:004D71C2 lea edi, [ebp+UnusedString] PAGE:004D71C5 movsd PAGE:004D71C6 movsd PAGE:004D71C7 movsd PAGE:004D71C8 movsd
As we guess, the four bytes are the name of the person, but what means the three additional dwords?
.text:00405338 KernelConspiration db 'Jess' .text:0040533C dd 11D0812Ah .text:00405340 dd 8C7BEh .text:00405344 dd 2F09E22Bh
typedef struct _KERNEL_CONSPIRATION { BYTE szName[4]; DWORD HarryKilledVoldemort; DWORD HarryGetMarriedWithGinny; DWORD AndRonWithHermione; } KERNEL_CONSPIRATION, *PKERNEL_CONSPIRATION;
Oops! I’m not a spoiler !! hahaha
Save the trees, stop Harry Potter’s publication!
Tuesday, August 14th, 2007 at 12:58 pm and is filed under Blogging, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
/ ! \ SPOILER / ! \
mais bien trippant ;)