Finding Easter Eggs for fun but not for profit :P!

Matthieu Suiche On August - 17 - 2007

Only the most skilled ninjas are able to find out easter eggs… Even Alice needed to follow the rabbit to find them… “We are all mad here!” hihi

O.S. Version: Windows 2003 SP1 Checked only
Module: diskdump.sys

; Exported entry  10. ScsiPortGetPhysicalAddress
; SCSI_PHYSICAL_ADDRESS __stdcall ScsiPortGetPhysicalAddress
; (PVOID HwDeviceExtension,
; PSCSI_REQUEST_BLOCK Srb,
; PVOID VirtualAddress,
;ULONG *Length)

 _ScsiPortGetPhysicalAddress@16: ; CODE XREF: StorPortGetPhysicalAddress(x,x,x,x)
                 mov     edi, edi
                 push    ebp
                 mov     ebp, esp
                 mov     edx, [ebp+arg_4]
                 test    edx, edx
                 push    esi
                 jz      loc_1308D
                 mov     eax, _DeviceExtension
                 cmp     byte ptr [eax+2B9h], 0 ; Magic byte inside DriverExtension's Buffer :)
                 jz      short Hidden_String
[...]
 Hidden_String:
                 push    offset aDiskdumpJeffLe ; "DISKDUMP: Jeff led me to believe this c"...
                 push    0
                 call    _ScsiDebugPrint
[...]
 aDiskdumpJeffLe  db 'DISKDUMP: Jeff led me to believe this code may never get executed.',0Ah,0

Never say never again :)

3 Responses so far.

  1. newsoft says:
    August 18, 2007 at 7:54 pm

    Nice one ! ;)

  2. sandro gauci says:
    September 8, 2007 at 6:39 pm

    sweeet =)

  3. Wahoo says:
    October 7, 2007 at 1:39 am

    Thank you for sharing!

Twitter Updates

Featured Video

Sponsors