Matthieu Suiche’s blog !

Finding Easter Eggs for fun but not for profit :P!

by Matthieu Suiche on Aug.17, 2007, under Windows

Only the most skilled ninjas are able to find out easter eggs… Even Alice needed to follow the rabbit to find them… “We are all mad here!” hihi

O.S. Version: Windows 2003 SP1 Checked only
Module: diskdump.sys

; Exported entry  10. ScsiPortGetPhysicalAddress
; SCSI_PHYSICAL_ADDRESS __stdcall ScsiPortGetPhysicalAddress
; (PVOID HwDeviceExtension,
; PSCSI_REQUEST_BLOCK Srb,
; PVOID VirtualAddress,
;ULONG *Length)

 _ScsiPortGetPhysicalAddress@16: ; CODE XREF: StorPortGetPhysicalAddress(x,x,x,x)
                 mov     edi, edi
                 push    ebp
                 mov     ebp, esp
                 mov     edx, [ebp+arg_4]
                 test    edx, edx
                 push    esi
                 jz      loc_1308D
                 mov     eax, _DeviceExtension
                 cmp     byte ptr [eax+2B9h], 0 ; Magic byte inside DriverExtension's Buffer :)
                 jz      short Hidden_String
[...]
 Hidden_String:
                 push    offset aDiskdumpJeffLe ; "DISKDUMP: Jeff led me to believe this c"...
                 push    0
                 call    _ScsiDebugPrint
[...]
 aDiskdumpJeffLe  db 'DISKDUMP: Jeff led me to believe this code may never get executed.',0Ah,0

Never say never again :)

3 comments for this entry:
  1. newsoft
    August 18th, 2007 on 7:54 pm

    Nice one ! ;)

  2. sandro gauci
    September 8th, 2007 on 6:39 pm

    sweeet =)

  3. Wahoo
    October 7th, 2007 on 1:39 am

    Thank you for sharing!

Leave a Reply

Powered by WP Hashcash

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...

Archives

All entries, chronologically...