tag:blogger.com,1999:blog-7865284935253612822Fri, 01 Nov 2024 11:53:14 +0000General SecurityPhotographyDebuggingTravelTrojanshttp://gviz.blogspot.com/noreply@blogger.com (Unknown)Blogger14125tag:blogger.com,1999:blog-7865284935253612822.post-8949082396906937663Fri, 26 Oct 2007 18:40:00 +00002007-10-26T11:49:33.364-07:00Photography<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl5PhjWcBzEBnTDXP0tb1vRllX7IZD42QW37QfFgkJZU70nOyyhZLHgcAnJWm9H3ASNnwVq6r7pxJhVprM6MCkKAjqr4YcgWfxvMnVWHiE9kkAZzGrrBFCDjc_k3EfOrmWN7WdQyDIeVM/s1600-h/teamwork.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl5PhjWcBzEBnTDXP0tb1vRllX7IZD42QW37QfFgkJZU70nOyyhZLHgcAnJWm9H3ASNnwVq6r7pxJhVprM6MCkKAjqr4YcgWfxvMnVWHiE9kkAZzGrrBFCDjc_k3EfOrmWN7WdQyDIeVM/s320/teamwork.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5125718912537465010" /></a>http://gviz.blogspot.com/2007/10/teamwork.htmlnoreply@blogger.com (Unknown)4tag:blogger.com,1999:blog-7865284935253612822.post-514016268109029632Sun, 30 Sep 2007 05:31:00 +00002007-09-29T22:47:49.944-07:00General SecurityTrojansF-secure recently released a paper on Banking Trojans. The paper talks about various methods used by Trojans targeting online money transactions. It also talks about a tool called “Mstrings” which helps in identifying Banking Trojans.<br /><br />The paper is available at <a href="http://www.f-secure.com/weblog/archives/VB2007_TheTrojanMoneySpinner.pdf">F-secure's website</a>.http://gviz.blogspot.com/2007/09/banking-trojans.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-5280201527016065853Thu, 13 Sep 2007 06:06:00 +00002007-09-12T23:55:26.236-07:00General SecurityRecently a list of around 100 email ids and passwords were posted by a hacker on his website (<a href=http://derangedsecurity.com>Deranged</a>).All these accounts belonged to various government organizations around the globe and contained classified information. Some passwords in the list were too simple that even a small kid could have broken into those accounts. Most Indian embassies had one of the easiest passwords somebody could think of (<strong>123</strong>4).Indian DRDO seems to be much better in choosing passwords ,They seems to have added 1 to their password and made it more secure !!!! (<strong>password+1</strong>).http://gviz.blogspot.com/2007/09/codename-1234.htmlnoreply@blogger.com (Unknown)1tag:blogger.com,1999:blog-7865284935253612822.post-51130235157206329Wed, 12 Sep 2007 06:01:00 +00002007-09-11T23:07:33.872-07:00General SecurityThese days even Phishing software comes with video tutorials.<br />The following video demonstrates how to use a phishing software called Auto Phisher.<br /><br /><a href="http://davedadon.mywebcommunity.org/Tutorials/30secondsphish.html">Auto Phisher Tutorial</a>http://gviz.blogspot.com/2007/09/phishing-in-30-seconds.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-8089128110078467377Fri, 31 Aug 2007 13:01:00 +00002007-08-31T06:27:16.560-07:00Bank of India website got compromised yesterday and was used to host malware/exploits.<br />If you have visited the website recently and feels that your computer is showing strange behaviour after that, it is most likely that your system got compromised by some malware which was on the site.<br /><a href=”http://www.cert-in.org.in/”>Indian Computer Emergency Response Team </a>(CERT-IN) have some interesting info about the Indian sites which were defaced last year.<br /><br />“ <br /> In the year 2006 a total no. of 5211 Indian websites were defaced , on an average of about <strong>14 websites per day</strong>.<br />“<br />The Bank website has been cleaned up by their staff and is considered safe to access now.<br /><br />An analysis of the defacement is available at Mcafee AvertLabs blog at <br /><a href=http://www.avertlabs.com/research/blog/index.php/2007/08/31/compromised-bank-of-india-website/>http://www.avertlabs.com/research/blog/index.php/2007/08/31/compromised-bank-of-india-website/</a>http://gviz.blogspot.com/2007/08/indian-website-defacements.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-5452371382216691237Fri, 31 Aug 2007 05:36:00 +00002007-08-30T22:59:08.317-07:00General SecurityWithin a week after its previous security update, Yahoo has now come up with another security fix. This update patches a stack overflow in one of the activex controls related to Yahoo Messenger. According to analysis by <a href=http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591>iDefense</a>.<br /><br /><blockquote><br />It is important to note that functions within this class can only be called if the control believes it is being run from the yahoo.com domain. In order for this exploit to be triggered an attacker would either have to leverage a Cross-Site Scripting vulnerability in the yahoo.com domain, or be able to control the targeted user's DNS resolution <br /></blockquote><br /><br />Yahoo's advisory related to this vulnerability could be found at <a href="http://messenger.yahoo.com/security_update.php?id=082907">http://messenger.yahoo.com/security_update.php?id=082907</a><br /><br />Patched version of Yahoo Messenger is available at <a href="http://messenger.yahoo.com/download.php">http://messenger.yahoo.com/download.php</a>.http://gviz.blogspot.com/2007/08/another-yahoo-security-fix.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-1982384391671686392Wed, 29 Aug 2007 12:56:00 +00002007-08-29T08:35:39.917-07:00Big Endian and Little Endian are terms used in computing to specify how bytes are ordered in memory. In Big Endian bytes are stored from most significant byte to least significant byte (MSB to LSB) and in Little Endian it is from least significant byte to most significant byte (LSB to MSB) .<br />For example,on a 32bit system an unsigned integer ‘0x40812131’ will be stored as ‘0x40812131’ itself in Big Endian byte order and in Little Endian, it will be stored as ‘0x31218140’.<br /><br />Most Intel processors are Little Endian, while processors such as Sparc belong to the Big Endian family. In processors like MIPS and ARM it is possible to specify the byte order at startup.<br /><br />TCP/IP uses Big Endian byte order for its data transfer. Systems with a byte order other than BigEndian should first convert any data it receives from a TCP/IP network (Network Byte Order) to its own byte order (Host Byte Order) before processing it. Most network appliances (routers, firewalls,ids,ips,..) are build using BigEndian processors as they can avoid overhead caused due to byte order conversions.<br />Following are some C functions used for byte order conversion<br /><br /> unsigned long htonl(unsigned long hostlong); //Host byte order to Network byte order long<br /> unsigned short htons(unsigned short hostshort);//Host byte order to Network byte order Short<br /> unsigned long ntohl(unsigned long netlong);//Network byte order to Host byte order long<br /> unsigned short ntohs(unsigned short netshort); Network byte order to Host byte order short<br /><br /><br />These functions are even found in the source code for BigEndian systems, but internally they don’t perform any operation on them. This is mainly done to make the code portable across platforms with different byte orders.<br />One interesting fact about the terms ‘Little Endian ‘and ‘Big Endian’ is that they came from the novel Gulliver's Travels :) .<br /><br /><br />"Gulliver finds out that there is a law, proclaimed by the grandfather of<br />the present ruler, requiring all citizens of Lilliput to break their<br />eggs only at the little ends. Of course, all those citizens who broke<br />their eggs at the big ends were angered by the proclamation. Civil war<br />broke out between the Little-Endians and the Big-Endians, resulting in<br />the Big-Endians taking refuge on a nearby island, the kingdom of<br />Blefuscu."<br />[<a href="http://www.ietf.org/rfc/ien/ien137.txt">http://www.ietf.org/rfc/ien/ien137.txt</a>]<br /><br />The following code could be used to check whether a system is Big Endian or Little Endian during run time.<br /><blockquote><br /><br /><br />#include<stdio.h><br />#define LITTLE_ENDIAN 0<br />#define BIG_ENDIAN 1<br /> int byteOrder(void)<br />{<br /> unsigned int x=1;<br /> unsigned char *y=(unsigned char *)&x;<br /> if(y[0]) return LITTLE_ENDIAN;<br /> return BIG_ENDIAN;<br />}<br />int main()<br />{<br /> printf("%s Endian\n",byteOrder()?"Big":"Little");<br /> return 0;<br />}<br /></blockquote>http://gviz.blogspot.com/2007/08/little-endian-big-endian-gulliver.htmlnoreply@blogger.com (Unknown)22tag:blogger.com,1999:blog-7865284935253612822.post-6808541125804742607Mon, 27 Aug 2007 11:18:00 +00002007-08-27T04:41:50.277-07:00General SecurityYahoo recently released an updated version of Yahoo Messenger which fixes a heap based overflow in one of its webcam related functions. Details about the update could be found at http://messenger.yahoo.com/security_update.php?id=082107.<br /><br />A proof of concept for the above mentioned vulnerability was posted last month on a Chinese security forum. Later this was found and reported by a researcher of Mcafee Avertlabs. The vulnerability was fixed within one week after it was reported by Avertlabs but more than one month after it first appeared in a public forum.http://gviz.blogspot.com/2007/08/yahoo-fixes-security-flaw.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-4813557487428339874Sun, 26 Aug 2007 08:12:00 +00002007-08-26T02:23:17.134-07:00PhotographyTravel<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIZxbtliXf1fq_5_371qhPXyCkgxJX3t2AT99dG8Y38AZ4pRCl2xZwq65m7gge8Os6Zocr2pH0-eaCbJoGGlpLNRB4YhD8o8RCNRESHaBhV43dQnOXsDPVe71Ss4F2W0cc2SJZfjuxKoU/s1600-h/DSC_0203.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIZxbtliXf1fq_5_371qhPXyCkgxJX3t2AT99dG8Y38AZ4pRCl2xZwq65m7gge8Os6Zocr2pH0-eaCbJoGGlpLNRB4YhD8o8RCNRESHaBhV43dQnOXsDPVe71Ss4F2W0cc2SJZfjuxKoU/s320/DSC_0203.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102931695629403810" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJnTPISHhZ7JuGDM1nNRpLPgVTNlNrxeTnQcQM2HfvmtoUDlW13371IVqvbB_hcRi041GueCHb7imTOn2x5DnSlqU7aGUC1U_ls3Hatk8Z5e9yYSLJW2GDHTnhTsRjNFSzDLY1mZvXW0Q/s1600-h/DSC_0208.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJnTPISHhZ7JuGDM1nNRpLPgVTNlNrxeTnQcQM2HfvmtoUDlW13371IVqvbB_hcRi041GueCHb7imTOn2x5DnSlqU7aGUC1U_ls3Hatk8Z5e9yYSLJW2GDHTnhTsRjNFSzDLY1mZvXW0Q/s320/DSC_0208.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102931545305548434" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuh1tvfErsnCF7MrP8DPTz_Gz0g_Uk2TIeYN3pTFSSDhlhaGHZQe7XH2hPp2pz8kk4eCY6sbkjhXkKVVP3XS9aeNWgxRCfa3fmAzS2JPXV1qU5B6okHkLibMuxTJbPI4G0VJjxBZSJqQo/s1600-h/DSC_0198.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuh1tvfErsnCF7MrP8DPTz_Gz0g_Uk2TIeYN3pTFSSDhlhaGHZQe7XH2hPp2pz8kk4eCY6sbkjhXkKVVP3XS9aeNWgxRCfa3fmAzS2JPXV1qU5B6okHkLibMuxTJbPI4G0VJjxBZSJqQo/s320/DSC_0198.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102931304787379842" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXg14crgp5eUuMhmkkCsgO3m6_8idS8FvwAeyWrfw-mgFu8zGfAaUPRjYb5bct1uyFFRCfd2ZXIascvdlIoooSBL3BnknMsAdiFhUcC3nj7wjIxNEyHl106YWpoM6b6f81dEnjXD77smY/s1600-h/DSC_0157.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXg14crgp5eUuMhmkkCsgO3m6_8idS8FvwAeyWrfw-mgFu8zGfAaUPRjYb5bct1uyFFRCfd2ZXIascvdlIoooSBL3BnknMsAdiFhUcC3nj7wjIxNEyHl106YWpoM6b6f81dEnjXD77smY/s320/DSC_0157.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102931034204440178" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0LWD6CiapOniJVR8-WGWCDfEF-oxSrWwOGQjILVg8cytXfQoK999D8vIfVxvniv3QgL6zXJQpV0U9DQtjlgP70PRIknS7dzKrCZ1yePDXgxGJXUJwdLotHZ9uzVPJNus_nzUU2phGTEE/s1600-h/DSC_0150.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0LWD6CiapOniJVR8-WGWCDfEF-oxSrWwOGQjILVg8cytXfQoK999D8vIfVxvniv3QgL6zXJQpV0U9DQtjlgP70PRIknS7dzKrCZ1yePDXgxGJXUJwdLotHZ9uzVPJNus_nzUU2phGTEE/s320/DSC_0150.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102930858110781026" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiutwyEYwnBuG77M8dMjMfuNDvLwe_fivFQzKVuwuf2NMxja33lTcP3Y8Ht40jJw5z95-hTOSeNt30V9H5JVCCTYqoRFb7_vvoC1mF9VrFLWlLx-cbHx8P3Wwwi06k7vcGwxznalS_fJSM/s1600-h/DSC_0149.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiutwyEYwnBuG77M8dMjMfuNDvLwe_fivFQzKVuwuf2NMxja33lTcP3Y8Ht40jJw5z95-hTOSeNt30V9H5JVCCTYqoRFb7_vvoC1mF9VrFLWlLx-cbHx8P3Wwwi06k7vcGwxznalS_fJSM/s320/DSC_0149.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102930656247318098" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsTslImAnt2eX9MlGvbsoH5RxhdA-WEVZqyT0QN6uo_949Rexuq56s2TQ0__YB7SDoIbvwBnlmAmONQ3pGzy2HZmxNoXdG48DhawDkujESgD0beUXAk_LlZ0kGnS2328AQft2RjTdRXoA/s1600-h/DSC_0144.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsTslImAnt2eX9MlGvbsoH5RxhdA-WEVZqyT0QN6uo_949Rexuq56s2TQ0__YB7SDoIbvwBnlmAmONQ3pGzy2HZmxNoXdG48DhawDkujESgD0beUXAk_LlZ0kGnS2328AQft2RjTdRXoA/s320/DSC_0144.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102930471563724354" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiziGDE36gAXdpQjgTTHJE_hs4Ir1NQqeGBUslIpy3wJ1LJuxBfebhmFARuEOR003uE1ewdrBDaBQbb4dFw84WgxXKgwJNF4Y4rJh91EoFk1RFWaLrbqV-dSUE-NZLzukWGfhg5FazFlv4/s1600-h/DSC_0143.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiziGDE36gAXdpQjgTTHJE_hs4Ir1NQqeGBUslIpy3wJ1LJuxBfebhmFARuEOR003uE1ewdrBDaBQbb4dFw84WgxXKgwJNF4Y4rJh91EoFk1RFWaLrbqV-dSUE-NZLzukWGfhg5FazFlv4/s320/DSC_0143.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102930325534836274" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR5u4HiofB66OBOWuwhhDsSy6njgyzzhSs1v-RlfxsPChTYPQUuoqkibbUK8PJMhEpv9dJRJ6dxF3xxTcOr5eq48r4Vb9gGN2ea_iSlj4EOgOg7GQF_zux0vxnjul4UiwWGmM_faBezrg/s1600-h/DSC_0123.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR5u4HiofB66OBOWuwhhDsSy6njgyzzhSs1v-RlfxsPChTYPQUuoqkibbUK8PJMhEpv9dJRJ6dxF3xxTcOr5eq48r4Vb9gGN2ea_iSlj4EOgOg7GQF_zux0vxnjul4UiwWGmM_faBezrg/s320/DSC_0123.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102930145146209826" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwJVGhM4f_u18mxJYPkKjMGU6GxKFOmkLVSSVv4JkaBjs6xjOlq1E8gOL1YLbotuSkb-SqixGk6ZxWhjdtaQoCAj-Acnq87pCCcESBI2VT1oWVUeeag74G53smzUsCd53riyvf9f_MRVE/s1600-h/DSC_0097.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwJVGhM4f_u18mxJYPkKjMGU6GxKFOmkLVSSVv4JkaBjs6xjOlq1E8gOL1YLbotuSkb-SqixGk6ZxWhjdtaQoCAj-Acnq87pCCcESBI2VT1oWVUeeag74G53smzUsCd53riyvf9f_MRVE/s320/DSC_0097.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929964757583378" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7e5TZAeFfAi9Uibko4i7svPOVpcyw8tQv77PrbNalnVCQf2UC77voYF5dsphoShe6KK8v10jw7PM_1bdp3BUSe05uqvibky55ydOaK0lDVr1dU7LWvganoWxfn_zYtu5kIpeId7v5JsA/s1600-h/DSC_0096.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7e5TZAeFfAi9Uibko4i7svPOVpcyw8tQv77PrbNalnVCQf2UC77voYF5dsphoShe6KK8v10jw7PM_1bdp3BUSe05uqvibky55ydOaK0lDVr1dU7LWvganoWxfn_zYtu5kIpeId7v5JsA/s320/DSC_0096.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929788663924226" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAFS6kwjptkvd4gd6UHG7q-tQuKM1LyKrPyoGLrP2pW0_jBkIwSIt9VM9lBUnLs__OGlY-BWWJK792ZT_50e2Qvd1BGACqOUIfZMeTxPgQoEv9OmRaqdRH56-48jVHmICjn9mNgBDu-f4/s1600-h/DSC_0068.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAFS6kwjptkvd4gd6UHG7q-tQuKM1LyKrPyoGLrP2pW0_jBkIwSIt9VM9lBUnLs__OGlY-BWWJK792ZT_50e2Qvd1BGACqOUIfZMeTxPgQoEv9OmRaqdRH56-48jVHmICjn9mNgBDu-f4/s320/DSC_0068.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929646930003442" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmdGVI8A4Iap1gTFtCAi_uH5fP64nNxWv20kbtOQdHyerEYU0kMhCiX9WYyWCWgX4AZrcmOoHWwHAF77c_jNROTnSy6L3iZq4v4mGpjKc5y55gPexxubwPq6giygeLS-MjykQFIrACcJ0/s1600-h/DSC_0039.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmdGVI8A4Iap1gTFtCAi_uH5fP64nNxWv20kbtOQdHyerEYU0kMhCiX9WYyWCWgX4AZrcmOoHWwHAF77c_jNROTnSy6L3iZq4v4mGpjKc5y55gPexxubwPq6giygeLS-MjykQFIrACcJ0/s320/DSC_0039.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929526670919138" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3b0HtFUanCaqxFKEWCp6r4RjCKAVGZZ7C6HO9RtbnYvLSQs5DsIab-wlNMXrmA5ZBxUqaWRD0EDAdzQC3ViI3bEUmOgqO9bNYTtDrTNVIaIl25Jn_xGPhi1Z2Bd3RWHMnoGAMZUZjReg/s1600-h/DSC_0027.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3b0HtFUanCaqxFKEWCp6r4RjCKAVGZZ7C6HO9RtbnYvLSQs5DsIab-wlNMXrmA5ZBxUqaWRD0EDAdzQC3ViI3bEUmOgqO9bNYTtDrTNVIaIl25Jn_xGPhi1Z2Bd3RWHMnoGAMZUZjReg/s320/DSC_0027.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929393526932946" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha4TfJaN5UeRO95FFOd7qec-YBmI9onluBVZjP-VEJC7P3H4tB5XeKDpRmCkayG-eAfrEfRtdKSbJ0j21BqoTESy4S7HskCtS-lspkD_WD4E3xsKeRu9wlIstGC6QcDAgFXTg09gCZqvc/s1600-h/DSC_0022.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha4TfJaN5UeRO95FFOd7qec-YBmI9onluBVZjP-VEJC7P3H4tB5XeKDpRmCkayG-eAfrEfRtdKSbJ0j21BqoTESy4S7HskCtS-lspkD_WD4E3xsKeRu9wlIstGC6QcDAgFXTg09gCZqvc/s320/DSC_0022.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102929148713797058" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8wpE8BDOHNNG9kxb89wOBUTJsHkFcdAH7QnEuVNTV6rVr9xb91SZdn1xRHJzC28Ppe-AUYSHQDrNGhD2Mj_qzJq36h1TPZ1D1kcs3T_m-KGyuVcbmXGA8Tg_QUSf9hzOZry6Q9JsNik/s1600-h/3DSC_0018.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8wpE8BDOHNNG9kxb89wOBUTJsHkFcdAH7QnEuVNTV6rVr9xb91SZdn1xRHJzC28Ppe-AUYSHQDrNGhD2Mj_qzJq36h1TPZ1D1kcs3T_m-KGyuVcbmXGA8Tg_QUSf9hzOZry6Q9JsNik/s320/3DSC_0018.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102928886720791986" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3m1ls2N-U2IGC90yfGJrijcVjOHdCT57Wwz8KvGBIhWEV4lwDdY4ScIDYFEoCIhY3lixSyedm8LK156wuTG9aaFCAxCQMjVWmIe2zHECeSyz0cbBRAE7rgXECF4xknPEiDbMPkGn6t4/s1600-h/2DSC_0007.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3m1ls2N-U2IGC90yfGJrijcVjOHdCT57Wwz8KvGBIhWEV4lwDdY4ScIDYFEoCIhY3lixSyedm8LK156wuTG9aaFCAxCQMjVWmIe2zHECeSyz0cbBRAE7rgXECF4xknPEiDbMPkGn6t4/s320/2DSC_0007.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102928422864324002" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI8QOuQHQLV7M63owKPm8h5o0UnW8fgxRLpWwFkqkOy8XFI_XE3XRxyJMlRJ4QTTkfnY2EWt48F113btszW0kYt3n4N92eT_J7wtRqMCXf0SngR_-79rABg3DcVxPQvHPU5U9UCmIBYKg/s1600-h/1DSC_0127.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI8QOuQHQLV7M63owKPm8h5o0UnW8fgxRLpWwFkqkOy8XFI_XE3XRxyJMlRJ4QTTkfnY2EWt48F113btszW0kYt3n4N92eT_J7wtRqMCXf0SngR_-79rABg3DcVxPQvHPU5U9UCmIBYKg/s320/1DSC_0127.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5102928178051188114" /></a>http://gviz.blogspot.com/2007/08/trip-to-nandi-hills-bangalore.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-8224742736580446397Mon, 20 Aug 2007 19:22:00 +00002007-08-20T12:35:05.149-07:00DebuggingMacro support in GDB could be used to write scripts which can automate most of the repetitive tasks during debugging.I recently came across one such GDB initialization script which contains some very useful functions.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1zYXMxzxT3mPsNKpA5cDdw45OUVNPT4Z4CBDs0bmEiPCcd3mL8tCZzEP44cDNb1x7b3lpV3o73GUmCLZJgD3Wp8hz6cCL8azshtHCu9LIFEt1u5JjkRQ9l7oUkRRlvlHUSSvLL3SuSI0/s1600-h/gdb.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1zYXMxzxT3mPsNKpA5cDdw45OUVNPT4Z4CBDs0bmEiPCcd3mL8tCZzEP44cDNb1x7b3lpV3o73GUmCLZJgD3Wp8hz6cCL8azshtHCu9LIFEt1u5JjkRQ9l7oUkRRlvlHUSSvLL3SuSI0/s320/gdb.JPG" border="0" alt=""id="BLOGGER_PHOTO_ID_5100866452015187298" /></a><br /><center><b>BreakPoint Information Display</b></center><br /><blockquote><br /><br /># INSTRUCTIONS: save as ~/.gdbinit<br />#<br /># DESCRIPTION: A cracker-friendly gdb configuration file.<br />#<br /># REVISION : 6.1 <br /># <br /># CONTRIBUTORS: mammon_, elaine, pusillus, mong<br />#<br /># FEEDBACK: http://board.anticrack.de/viewforum.php?f=35<br /># <br /># NOTES: 'help user' in gdb will list the commands/descriptions in this file<br /># 'context on' now enables auto-display of context screen<br />#<br /># CHANGELOG:<br /># Version 6.1<br /># fixed filename in step_to_call so it points to /dev/null<br /># changed location of logfiles from /tmp to ~<br /># Version 6<br /># added print_insn_type, get_insn_type, context-on, context-off commands<br /># added trace_calls, trace_run, step_to_call commands<br /># changed hook-stop so it checks $SHOW_CONTEXT variable<br /># Version 5<br /># added bpm, dump_bin, dump_hex, bp_alloc commands<br /># added 'assemble' by elaine, 'gas_asm' by mong<br /># added Tip Topics for aspiring crackers ;)<br /># Version 4<br /># added eflags-changing insns by pusillus<br /># added bp, nop, null, and int3 patch commands, also hook-stop<br /># Version 3<br /># incorporated elaine's if/else goodness into the hex/ascii dump<br /># Version 2<br /># radix bugfix by elaine<br /># TODO:<br /># * add global vars to allow user to control stack,data,code win sizes<br /># * add dump, append, set write, etc commands<br /># * more tips!<br /><br /><br /># ______________breakpoint aliases_____________<br />define bpl<br /> info breakpoints<br />end<br />document bpl<br />List breakpoints<br />end<br /><br />define bp<br /> set $SHOW_CONTEXT = 1<br /> break * $arg0<br />end<br />document bp<br />Set a breakpoint on address<br />Usage: bp addr<br />end<br /><br />define bpc <br /> clear $arg0<br />end<br />document bpc<br />Clear breakpoint at function/address<br />Usage: bpc addr<br />end<br /><br />define bpe<br /> enable $arg0<br />end<br />document bpe<br />Enable breakpoint #<br />Usage: bpe num<br />end<br /><br />define bpd<br /> disable $arg0<br />end<br />document bpd<br />Disable breakpoint #<br />Usage: bpd num<br />end<br /><br />define bpt<br /> set $SHOW_CONTEXT = 1<br /> tbreak $arg0<br />end<br />document bpt<br />Set a temporary breakpoint on address<br />Usage: bpt addr<br />end<br /><br />define bpm<br /> set $SHOW_CONTEXT = 1<br /> awatch $arg0<br />end<br />document bpm<br />Set a read/write breakpoint on address<br />Usage: bpm addr<br />end<br /><br />define bhb<br /> set $SHOW_CONTEXT = 1<br /> hb * $arg0<br />end<br />document bhb<br />Set Hardware Assisted breakpoint on address<br />Usage: bhb addr<br />end<br /><br /># ______________process information____________<br />define argv<br /> show args<br />end<br />document argv<br />Print program arguments<br />end<br /><br />define stack<br /> info stack<br />end<br />document stack<br />Print call stack<br />end<br /><br />define frame<br /> info frame<br /> info args<br /> info locals<br />end<br />document frame<br />Print stack frame<br />end<br /><br />define flags<br /> if (($eflags >> 0xB) & 1 )<br /> printf "O "<br /> else<br /> printf "o "<br /> end<br /> if (($eflags >> 0xA) & 1 )<br /> printf "D "<br /> else<br /> printf "d "<br /> end<br /> if (($eflags >> 9) & 1 )<br /> printf "I "<br /> else<br /> printf "i "<br /> end<br /> if (($eflags >> 8) & 1 )<br /> printf "T "<br /> else<br /> printf "t "<br /> end<br /> if (($eflags >> 7) & 1 )<br /> printf "S "<br /> else<br /> printf "s "<br /> end<br /> if (($eflags >> 6) & 1 )<br /> printf "Z "<br /> else<br /> printf "z "<br /> end<br /> if (($eflags >> 4) & 1 )<br /> printf "A "<br /> else<br /> printf "a "<br /> end<br /> if (($eflags >> 2) & 1 )<br /> printf "P "<br /> else<br /> printf "p "<br /> end<br /> if ($eflags & 1)<br /> printf "C "<br /> else<br /> printf "c "<br /> end<br /> printf "\n"<br />end<br />document flags<br />Print flags register<br />end<br /><br />define eflags<br /> printf " OF <%d> DF <%d> IF <%d> TF <%d>",\<br /> (($eflags >> 0xB) & 1 ), (($eflags >> 0xA) & 1 ), \<br /> (($eflags >> 9) & 1 ), (($eflags >> 8) & 1 )<br /> printf " SF <%d> ZF <%d> AF <%d> PF <%d> CF <%d>\n",\<br /> (($eflags >> 7) & 1 ), (($eflags >> 6) & 1 ),\<br /> (($eflags >> 4) & 1 ), (($eflags >> 2) & 1 ), ($eflags & 1)<br /> printf " ID <%d> VIP <%d> VIF <%d> AC <%d>",\<br /> (($eflags >> 0x15) & 1 ), (($eflags >> 0x14) & 1 ), \<br /> (($eflags >> 0x13) & 1 ), (($eflags >> 0x12) & 1 )<br /> printf " VM <%d> RF <%d> NT <%d> IOPL <%d>\n",\<br /> (($eflags >> 0x11) & 1 ), (($eflags >> 0x10) & 1 ),\<br /> (($eflags >> 0xE) & 1 ), (($eflags >> 0xC) & 3 )<br />end<br />document eflags<br />Print entire eflags register<br />end<br /><br />define reg<br /> printf " eax:%08X ebx:%08X ecx:%08X ", $eax, $ebx, $ecx<br /> printf " edx:%08X eflags:%08X\n", $edx, $eflags<br /> printf " esi:%08X edi:%08X esp:%08X ", $esi, $edi, $esp<br /> printf " ebp:%08X eip:%08X\n", $ebp, $eip<br /> printf " cs:%04X ds:%04X es:%04X", $cs, $ds, $es<br /> printf " fs:%04X gs:%04X ss:%04X ", $fs, $gs, $ss<br /> echo \033[31m<br /> flags<br /> echo \033[0m<br />end<br />document reg<br />Print CPU registers<br />end<br /><br />define func<br /> info functions<br />end<br />document func<br />Print functions in target<br />end<br /><br />define var<br /> info variables<br />end<br />document var<br />Print variables (symbols) in target<br />end<br /><br />define lib<br /> info sharedlibrary<br />end<br />document lib<br />Print shared libraries linked to target<br />end<br /><br />define sig<br /> info signals<br />end<br />document sig<br />Print signal actions for target<br />end<br /><br />define thread<br /> info threads<br />end<br />document thread<br />Print threads in target<br />end<br /><br />define u<br /> info udot<br />end<br />document u<br />Print kernel 'user' struct for target<br />end<br /><br />define dis<br /> disassemble $arg0<br />end<br />document dis<br />Disassemble address<br />Usage: dis addr<br />end<br /><br /># ________________hex/ascii dump an address______________<br />define ascii_char<br /> # thanks elaine :)<br /> set $_c=*(unsigned char *)($arg0)<br /> if ( $_c < 0x20 || $_c > 0x7E )<br /> printf "."<br /> else<br /> printf "%c", $_c<br /> end<br />end<br />document ascii_char<br />Print the ASCII value of arg0 or '.' if value is unprintable<br />end<br /><br />define hex_quad<br /> printf "%02X %02X %02X %02X %02X %02X %02X %02X", \<br /> *(unsigned char*)($arg0), *(unsigned char*)($arg0 + 1), \<br /> *(unsigned char*)($arg0 + 2), *(unsigned char*)($arg0 + 3), \<br /> *(unsigned char*)($arg0 + 4), *(unsigned char*)($arg0 + 5), \<br /> *(unsigned char*)($arg0 + 6), *(unsigned char*)($arg0 + 7)<br />end<br />document hex_quad<br />Print eight hexadecimal bytes starting at arg0<br />end<br /><br />define hexdump<br /> printf "%08X : ", $arg0<br /> hex_quad $arg0<br /> printf " - "<br /> hex_quad ($arg0+8)<br /> printf " "<br /><br /> ascii_char ($arg0)<br /> ascii_char ($arg0+1)<br /> ascii_char ($arg0+2)<br /> ascii_char ($arg0+3)<br /> ascii_char ($arg0+4)<br /> ascii_char ($arg0+5)<br /> ascii_char ($arg0+6)<br /> ascii_char ($arg0+7)<br /> ascii_char ($arg0+8)<br /> ascii_char ($arg0+9)<br /> ascii_char ($arg0+0xA)<br /> ascii_char ($arg0+0xB)<br /> ascii_char ($arg0+0xC)<br /> ascii_char ($arg0+0xD)<br /> ascii_char ($arg0+0xE)<br /> ascii_char ($arg0+0xF)<br /><br /> printf "\n"<br />end<br />document hexdump<br />Display a 16-byte hex/ASCII dump of arg0<br />end<br /><br /># ________________data window__________________<br />define ddump<br /> echo \033[36m<br /><br /> printf "[%04X:%08X]------------------------", $ds, $data_addr<br /> printf "---------------------------------[ data]\n"<br /> echo \033[34m<br /> set $_count=0<br /> while ( $_count < $arg0 )<br /> set $_i=($_count*0x10)<br /> hexdump ($data_addr+$_i)<br /> set $_count++<br /> end<br />end<br />document ddump<br />Display $arg0 lines of hexdump for address $data_addr<br />end<br /><br />define dd<br /> if ( ($arg0 & 0x40000000) || ($arg0 & 0x08000000) || ($arg0 & 0xBF000000) )<br /> set $data_addr=$arg0<br /> ddump 0x10<br /> else<br /> printf "Invalid address: %08X\n", $arg0<br /> end<br />end<br />document dd<br />Display 16 lines of a hex dump for $arg0<br />end<br /><br />define datawin<br /> if ( ($esi & 0x40000000) || ($esi & 0x08000000) || ($esi & 0xBF000000) )<br /> set $data_addr=$esi<br /> else<br /> if ( ($edi & 0x40000000) || ($edi & 0x08000000) || ($edi & 0xBF000000) )<br /> set $data_addr=$edi<br /> else<br /> if ( ($eax & 0x40000000) || ($eax & 0x08000000) || \<br /> ($eax & 0xBF000000) )<br /><br /> set $data_addr=$eax<br /> else<br /> set $data_addr=$esp<br /> end<br /> end<br /> end<br /> ddump 2<br />end<br />document datawin<br />Display esi, edi, eax, or esp in data window<br />end<br /><br /># ________________process context______________<br />define context<br /> echo \033[36m<br /> printf "----------------------------------------"<br /> printf "---------------------------------[ regs]\n"<br /> echo \033[32m<br /> reg<br /> echo \033[36m<br /> printf "[%04X:%08X]------------------------", $ss, $esp<br /> printf "---------------------------------[stack]\n"<br /> echo \033[34m<br /> hexdump $sp+0x30<br /> hexdump $sp+0x20<br /> hexdump $sp+0x10<br /> hexdump $sp<br /> datawin<br /> echo \033[36m<br /> printf "[%04X:%08X]------------------------", $cs, $eip<br /> printf "---------------------------------[ code]\n"<br /> echo \033[37m<br /> x /6i $pc<br /> echo \033[36m<br /> printf "---------------------------------------"<br /> printf "----------------------------------------\n"<br /> echo \033[0m<br />end<br />document context<br />Print regs, stack, ds:esi, and disassemble cs:eip<br />end<br /><br />define context-on<br /> set $SHOW_CONTEXT = 1<br />end<br />document context-on<br />Enable display of context on every program stop<br />end<br /><br />define context-off<br /> set $SHOW_CONTEXT = 1<br />end<br />document context-on<br />Disable display of context on every program stop<br />end<br /><br /># ________________process control______________<br />define n<br /> ni<br />end<br />document n<br />Step one instruction<br />end<br /><br />define go<br /> stepi $arg0<br />end<br />document go<br />Step # instructions<br />end<br /><br />define pret<br /> finish<br />end<br />document pret<br />Step out of current call<br />end<br /><br />define init<br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> tbreak _init<br /> r<br />end<br />document init<br />Run program; break on _init()<br />end<br /><br />define start<br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> tbreak _start<br /> r<br />end<br />document start<br />Run program; break on _start()<br />end<br /><br />define sstart<br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> tbreak __libc_start_main<br /> r<br />end<br />document sstart<br />Run program; break on __libc_start_main(). Useful for stripped executables.<br />end<br /><br />define main<br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> tbreak main<br /> r<br />end<br />document main<br />Run program; break on main()<br />end<br /><br /># ________________eflags commands_______________<br />define cfc<br /> if ($eflags & 1)<br /> set $eflags = $eflags&~1<br /> else<br /> set $eflags = $eflags|1<br /> end<br />end<br />document cfc<br />change Carry Flag<br />end<br /><br />define cfp<br /> if (($eflags >> 2) & 1 )<br /> set $eflags = $eflags&~0x4<br /> else<br /> set $eflags = $eflags|0x4<br /> end<br />end<br />document cfp<br />change Carry Flag<br />end<br /><br />define cfa<br /> if (($eflags >> 4) & 1 )<br /> set $eflags = $eflags&~0x10<br /> else<br /> set $eflags = $eflags|0x10<br /> end<br />end<br />document cfa<br />change Auxiliary Carry Flag<br />end<br /><br />define cfz<br /> if (($eflags >> 6) & 1 )<br /> set $eflags = $eflags&~0x40<br /> else<br /> set $eflags = $eflags|0x40<br /> end<br />end<br />document cfz<br />change Zero Flag<br />end<br /><br />define cfs<br /> if (($eflags >> 7) & 1 )<br /> set $eflags = $eflags&~0x80<br /> else<br /> set $eflags = $eflags|0x80<br /> end<br />end<br />document cfs<br />change Sign Flag<br />end<br /><br />define cft<br /> if (($eflags >>8) & 1 )<br /> set $eflags = $eflags&100<br /> else<br /> set $eflags = $eflags|100<br /> end<br />end<br />document cft<br />change Trap Flag<br />end<br /><br />define cfi<br /> if (($eflags >> 9) & 1 )<br /> set $eflags = $eflags&~0x200<br /> else<br /> set $eflags = $eflags|0x200<br /> end<br />end<br />document cfi<br />change Interrupt Flag<br />end<br /><br />define cfd<br /> if (($eflags >>0xA ) & 1 )<br /> set $eflags = $eflags&~0x400<br /> else<br /> set $eflags = $eflags|0x400<br /> end<br />end<br />document cfd<br />change Direction Flag<br />end<br /><br />define cfo<br /> if (($eflags >> 0xB) & 1 )<br /> set $eflags = $eflags&~0x800<br /> else<br /> set $eflags = $eflags|0x800<br /> end<br />end<br />document cfo<br />change Overflow Flag<br />end<br /><br /># --------------------patch---------------------<br />define nop<br /> set * (unsigned char *) $arg0 = 0x90<br />end<br />document nop<br />Patch byte at address arg0 to a NOP insn<br />Usage: nop addr<br />end<br /><br />define null<br /> set * (unsigned char *) $arg0 = 0<br />end<br />document null<br />Patch byte at address arg0 to NULL<br />Usage: null addr<br />end<br /><br />define int3<br /> set * (unsigned char *) $arg0 = 0xCC<br />end<br />document int3<br />Patch byte at address arg0 to an INT3 insn<br />Usage: int3 addr<br />end<br /><br /># --------------------cflow---------------------<br />define print_insn_type<br /> if ($arg0 == 0)<br /> printf "UNKNOWN";<br /> end<br /> if ($arg0 == 1)<br /> printf "JMP";<br /> end<br /> if ($arg0 == 2)<br /> printf "JCC";<br /> end<br /> if ($arg0 == 3)<br /> printf "CALL";<br /> end<br /> if ($arg0 == 4)<br /> printf "RET";<br /> end<br /> if ($arg0 == 5)<br /> printf "INT";<br /> end<br />end<br />document print_insn_type<br />This prints the human-readable mnemonic for the instruction typed passed as<br />a parameter (usually $INSN_TYPE).<br />end<br /><br />define get_insn_type<br /> set $INSN_TYPE = 0<br /> set $_byte1=*(unsigned char *)$arg0<br /> if ($_byte1 == 0x9A || $_byte1 == 0xE8 )<br /> # "call"<br /> set $INSN_TYPE=3<br /> end<br /> if ($_byte1 >= 0xE9 && $_byte1 <= 0xEB)<br /> # "jmp"<br /> set $INSN_TYPE=1<br /> end<br /> if ($_byte1 >= 0x70 && $_byte1 <= 0x7F)<br /> # "jcc"<br /> set $INSN_TYPE=2<br /> end<br /> if ($_byte1 >= 0xE0 && $_byte1 <= 0xE3 )<br /> # "jcc"<br /> set $INSN_TYPE=2<br /> end<br /> if ($_byte1 == 0xC2 || $_byte1 == 0xC3 || $_byte1 == 0xCA || $_byte1 == 0xCB || $_byte1 == 0xCF)<br /> # "ret"<br /> set $INSN_TYPE=4 <br /> end<br /> if ($_byte1 >= 0xCC && $_byte1 <= 0xCE)<br /> # "int"<br /> set $INSN_TYPE=5<br /> end<br /> if ($_byte1 == 0x0F )<br /> # two-byte opcode<br /> set $_byte2=*(unsigned char *)($arg0 +1)<br /> if ($_byte2 >= 0x80 && $_byte2 <= 0x8F)<br /> # "jcc"<br /> set $INSN_TYPE=2<br /> end<br /> end<br /> if ($_byte1 == 0xFF ) <br /> # opcode extension<br /> set $_byte2=*(unsigned char *)($arg0 +1)<br /> set $_opext=($_byte2 & 0x38)<br /> if ($_opext == 0x10 || $_opext == 0x18) <br /> # "call"<br /> set $INSN_TYPE=3<br /> end<br /> if ($_opext == 0x20 || $_opext == 0x28)<br /> # "jmp"<br /> set $INSN_TYPE=1<br /> end<br /> end<br />end<br />document get_insn_type<br />This takes an address as a parameter and sets the global $INSN_TYPE variable<br />to 0, 1, 2, 3, 4, 5 if the instruction at the address is unknown, a jump,<br />a conditional jump, a call, a return, or an interrupt.<br />end<br /><br />define step_to_call<br /> set $_saved_ctx = $SHOW_CONTEXT<br /> set $SHOW_CONTEXT = 0<br /> set $SHOW_NEST_INSN=0<br /> set logging file /dev/null<br /> set logging on<br /> set logging redirect on<br /> set $_cont = 1<br /><br /> while ( $_cont > 0 )<br /> stepi<br /> get_insn_type $pc<br /> if ($INSN_TYPE == 3)<br /> set $_cont = 0<br /> end<br /> end<br /><br /> if ( $_saved_ctx > 0 )<br /> context<br /> else<br /> x /i $pc<br /> end<br /><br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> set logging redirect off<br /> set logging off<br /> set logging file gdb.txt<br />end<br />document step_to_call<br />This single steps until it encounters a call instruction; it stops before<br />the call is taken.<br />end<br /><br />define trace_calls<br /> set $SHOW_CONTEXT = 0<br /> set $SHOW_NEST_INSN=0<br /> set $_nest = 1<br /> set listsize 0<br /> set logging overwrite on<br /> set logging file ~/gdb_trace_calls.txt<br /> set logging on<br /> set logging redirect on<br /> <br /> while ( $_nest > 0 )<br /> get_insn_type $pc<br /><br /> # handle nesting<br /> if ($INSN_TYPE == 3)<br /> set $_nest = $_nest + 1<br /> else<br /> if ($INSN_TYPE == 4)<br /> set $_nest = $_nest - 1<br /> end<br /> end<br /><br /> # if a call, print it<br /> if ($INSN_TYPE == 3)<br /> set $x = $_nest<br /> while ( $x > 0 )<br /> printf "\t"<br /> set $x = $x - 1<br /> end<br /> x /i $pc<br /> end<br /><br /> #set logging file /dev/null<br /> stepi<br /> #set logging file ~/gdb_trace_calls.txt<br /> end<br /><br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> set logging redirect off<br /> set logging off<br /> set logging file gdb.txt<br /> <br /> # clean up trace file<br /> shell grep -v ' at ' ~/gdb_trace_calls.txt > ~/gdb_trace_calls.1<br /> shell grep -v ' in ' ~/gdb_trace_calls.1 > ~/gdb_trace_calls.txt<br />end<br />document trace_calls<br />Creates a runtime trace of the calls made target in ~/gdb_trace_calls.txt. <br />Note that this is very slow because gdb "set redirect on" does not work!<br />end<br /><br />define trace_run<br /> set $SHOW_CONTEXT = 0<br /> set $SHOW_NEST_INSN=1<br /> set logging overwrite on<br /> set logging file ~/gdb_trace_run.txt<br /> set logging on<br /> set logging redirect on<br /> set $_nest = 1<br /><br /> while ( $_nest > 0 )<br /><br /> get_insn_type $pc<br /> # jmp, jcc, or cll<br /> if ($INSN_TYPE == 3)<br /> set $_nest = $_nest + 1<br /> else<br /> # ret<br /> if ($INSN_TYPE == 4)<br /> set $_nest = $_nest - 1<br /> end<br /> end<br /><br /> stepi<br /> end<br /><br /> set $SHOW_CONTEXT = 1<br /> set $SHOW_NEST_INSN=0<br /> set logging file gdb.txt<br /> set logging redirect off<br /> set logging off<br /><br /> # clean up trace file<br /> shell grep -v ' at ' ~/gdb_trace_run.txt > ~/gdb_trace_run.1<br /> shell grep -v ' in ' ~/gdb_trace_run.1 > ~/gdb_trace_run.txt<br /><br />end<br />document trace_run<br />Creates a runtime trace of the target in ~/gdb_trace_run.txt. Note<br />that this is very slow because gdb "set redirect on" does not work!<br />end<br /><br /><br /># _____________________misc_____________________<br /># this makes 'context' be called at every BP/step<br />define hook-stop<br /> if ( $SHOW_CONTEXT > 0 )<br /> context<br /> end<br /> if ( $SHOW_NEST_INSN > 0 )<br /> set $x = $_nest<br /> while ($x > 0 )<br /> printf "\t"<br /> set $x = $x - 1<br /> end<br /> end<br />end<br /><br />define assemble<br />printf "Hit Ctrl-D to start, type code to assemble, hit Ctrl-D when done.\n"<br />printf "It is recommended to start with\n"<br />printf "\tBITS 32\n"<br />printf "Note that this command uses NASM (Intel syntax) to assemble.\n"<br />shell nasm -f bin -o /dev/stdout /dev/stdin | od -v -t x1 -w16 -A n<br />end<br />document assemble<br />Assemble Intel x86 instructions to binary opcodes. Uses nasm.<br />Usage: assemble<br />end<br /><br />define gas_asm<br />printf "Type code to assemble, hit Ctrl-D until results appear :)\n"<br />printf "Note that this command uses GAS (AT&T syntax) to assemble.\n"<br />shell as -o ~/__gdb_tmp.bin<br />shell objdump -d -j .text --adjust-vma=$arg0 ~/__gdb_tmp.bin <br />shell rm ~/__gdb_tmp.bin<br />end<br />document gas_asm<br />Assemble Intel x86 instructions to binary opcodes using gas and objdump<br />Usage: gas_asm address<br />end<br /><br /># !scary bp_alloc macro!<br /># The idea behind this macro is to break on the following code:<br /># 0x4008e0aa <malloc+6>: sub $0xc,%esp<br /># 0x4008e0ad <malloc+9>: call 0x4008e0b2 <malloc+14><br /># 0x4008e0b2 <malloc+14>: pop %ebx<br /># 0x4008e0b3 <malloc+15>: add $0xa3f6e,%ebx<br /># At 0x4008e0b3, %ebx contains the address that has just been allocated<br /># The bp_alloc macro generates this breakpoint and *should* work for<br /># the forseeable future ... but if it breaks, set a breakpoint on <br /># __libc_malloc and look for where where the return value gets popped.<br /><br />define bp_alloc<br /> tbreak *(*__libc_malloc + F) if $ebx == $arg0<br />end<br />document bp_alloc<br />This sets a temporary breakpoint on the allocation of $arg0.<br />It works by setting a breakpoint on a specific address in __libc_malloc().<br />USE WITH CAUTION -- it is extremely platform dependent.<br />Usage: bp_alloc addr<br />end<br /><br />define dump_hexfile<br /> dump ihex memory $arg0 $arg1 $arg2<br />end<br />document dump_hexfile<br />Write a range of memory to a file in Intel ihex (hexdump) format.<br />Usage: dump_hexfile filename start_addr end_addr<br />end<br /><br />define dump_binfile<br /> dump memory $arg0 $arg1 $arg2<br />end<br />document dump_binfile<br />Write a range of memory to a binary file.<br />Usage: dump_binfile filename start_addr end_addr<br />end<br /> <br /># _________________cracker tips_________________<br /># The 'tips' command is used to provide tutorial-like info to the user<br />define tips<br /> printf "Tip Topic Commands:\n"<br /> printf "\ttip_display : Automatically display values on each break\n"<br /> printf "\ttip_patch : Patching binaries\n"<br /> printf "\ttip_strip : Dealing with stripped binaries\n"<br /> printf "\ttip_syntax : ATT vs Intel syntax\n"<br />end<br />document tips<br />Provide a list of tips from crackers on various topics. <br />end<br /><br />define tip_patch<br /> printf "\n"<br /> printf " PATCHING MEMORY\n"<br /> printf "Any address can be patched using the 'set' command:\n"<br /> printf "\t`set ADDR = VALUE` \te.g. `set *0x8049D6E = 0x90`\n"<br /> printf "\n"<br /> printf " PATCHING BINARY FILES\n"<br /> printf "Use `set write` in order to patch the target executable\n"<br /> printf "directly, instead of just patching memory.\n"<br /> printf "\t`set write on` \t`set write off`\n"<br /> printf "Note that this means any patches to the code or data segments\n"<br /> printf "will be written to the executable file. When either of these\n"<br /> printf "commands has been issued, the file must be reloaded.\n"<br /> printf "\n"<br />end<br />document tip_patch<br />Tips on patching memory and binary files<br />end<br /><br />define tip_strip<br /> printf "\n"<br /> printf " STOPPING BINARIES AT ENTRY POINT\n"<br /> printf "Stripped binaries have no symbols, and are therefore tough to\n"<br /> printf "start automatically. To debug a stripped binary, use\n"<br /> printf "\tinfo file\n"<br /> printf "to get the entry point of the file. The first few lines of\n"<br /> printf "output will look like this:\n"<br /> printf "\tSymbols from '/tmp/a.out'\n"<br /> printf "\tLocal exec file:\n"<br /> printf "\t `/tmp/a.out', file type elf32-i386.\n"<br /> printf "\t Entry point: 0x80482e0\n"<br /> printf "Use this entry point to set an entry point:\n"<br /> printf "\t`tbreak *0x80482e0`\n"<br /> printf "The breakpoint will delete itself after the program stops as\n"<br /> printf "the entry point.\n"<br /> printf "\n"<br />end<br />document tip_strip<br />Tips on dealing with stripped binaries<br />end<br /><br />define tip_syntax<br /> printf "\n"<br /> printf "\t INTEL SYNTAX AT&T SYNTAX\n"<br /> printf "\tmnemonic dest, src, imm mnemonic src, dest, imm\n" <br /> printf "\t[base+index*scale+disp] disp(base, index, scale)\n"<br /> printf "\tregister: eax register: %%eax\n"<br /> printf "\timmediate: 0xFF immediate: $0xFF\n"<br /> printf "\tdereference: [addr] dereference: addr(,1)\n"<br /> printf "\tabsolute addr: addr absolute addr: *addr\n"<br /> printf "\tbyte insn: mov byte ptr byte insn: movb\n"<br /> printf "\tword insn: mov word ptr word insn: movw\n"<br /> printf "\tdword insn: mov dword ptr dword insn: movd\n"<br /> printf "\tfar call: call far far call: lcall\n"<br /> printf "\tfar jump: jmp far far jump: ljmp\n"<br /> printf "\n"<br /> printf "Note that order of operands in reversed, and that AT&T syntax\n"<br /> printf "requires that all instructions referencing memory operands \n"<br /> printf "use an operand size suffix (b, w, d, q).\n"<br /> printf "\n"<br />end<br />document tip_syntax<br />Summary of Intel and AT&T syntax differences<br />end<br /><br />define tip_display<br />printf "\n"<br />printf "Any expression can be set to automatically be displayed every time\n"<br />printf "the target stops. The commands for this are:\n"<br />printf "\t`display expr' : automatically display expression 'expr'\n"<br />printf "\t`display' : show all displayed expressions\n"<br />printf "\t`undisplay num' : turn off autodisplay for expression # 'num'\n"<br />printf "Examples:\n"<br />printf "\t`display/x *(int *)$esp` : print top of stack\n"<br />printf "\t`display/x *(int *)($ebp+8)` : print first parameter\n"<br />printf "\t`display (char *)$esi` : print source string\n"<br />printf "\t`display (char *)$edi` : print destination string\n"<br />printf "\n"<br />end<br />document tip_display<br />Tips on automatically displaying values when a program stops.<br />end<br /># __________________gdb options_________________<br />set confirm off<br />set verbose off<br />#set prompt \033[01;m\033] niel@gdb $ \033[0m<br />set prompt \033[31mgdb $ \033[0m<br />set output-radix 0x10<br />set input-radix 0x10<br /># These make gdb never pause in its output<br />set height 0<br />set width 0<br /># why do these not work???<br />set $SHOW_CONTEXT = 1<br />set $SHOW_NEST_INSN=0<br /><br />set disassembly-flavor intel<br /><br /><br />#EOF</blockquote>http://gviz.blogspot.com/2007/08/fun-debugging-with-gdb.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-413513840847187768Sat, 18 Aug 2007 12:46:00 +00002007-08-18T06:14:03.264-07:00Today another of those scam mails hit my Inbox and these days I get at least one of them daily. Are all the spammers moving into scamming??!!! :)<br /><br />A searchable collection/database of scam mails, phishing sites and various other internet frauds can be found at http://scamdex.com/<br /><br />"<br />Miss Mariam Konate.<br />Cote d'ivoire<br />West Africa<br /><br />Dearest,<br />Permit me to inform you about this proposal I am daughter of late lieutenant cornel Paul in Abidjan,Cote d'ivoire, in west Africa.<br /> <br />My late father Konate died and left me and my mother Gloria my name is Mariam Konate. I am 20years old .<br /><br />My late father Konate owns many companies before he died which he left for my mother Mrs Gloria Konate.<br /><br />Within a year of my fathers death, my Mother Mrs. Gloria Konate was killed by hired killers, after my mother was killed my fathers lawyer called me to hand over my late fathers documents to me, after my fathers lawyer have handed over the documents to me, my uncle started demanding for the Documents of my late fathers wealth.<br /> <br />I now called my fathers lawyer, he came and told my uncle that my father made a will that all his properties belongs to me. After my fathers lawyer have made that statement my uncle started fighting against me to an extend he went and arranged for hired killers to kill I and my younger brother.<br /> <br />The first time they came to our home when I wasn't around, my younger brother Emmanuel was shot and two of our security men was killed also before the police men came, they had escaped, that made me to park out of the compound i thought it will be over that way but it continue happening, that makes me to stop going to school.Because i am afraid let something not happen to me in school premises,That is the reason why i contacted you as an honest person so that you can help me in transferring my late fathers money into your bank account.<br /> <br />The said fund is ($6Million) six Million United state dollars,has been deposited into one of the banks in Abidjan,Cote d'ivoire, in west Africa.<br /><br />I will offer 20% of the total amount to you for your help in transferring of this fund successfully to your account, and after transferring the money i can come over to your country and continue my education. Please do help me and God will blessYou.<br /><br />Mariam Konate<br />"http://gviz.blogspot.com/2007/08/youve-got-scam.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-6471886051485140782Sun, 12 Aug 2007 13:28:00 +00002007-08-12T06:47:36.390-07:00<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2eqv2H6IKk0YXdoiZcuWD0pbrWmCVtV1ORGpX9lMvNDSiMujLjRvfCufb6TLLXizS1FPzn-sSBjsRo6di_Hc1stI9Hd7TuA9DuB1h9wF4-3S9gAXzvRilnH4gly50MNdiDGPzEFoWpbU/s1600-h/snapshot2.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2eqv2H6IKk0YXdoiZcuWD0pbrWmCVtV1ORGpX9lMvNDSiMujLjRvfCufb6TLLXizS1FPzn-sSBjsRo6di_Hc1stI9Hd7TuA9DuB1h9wF4-3S9gAXzvRilnH4gly50MNdiDGPzEFoWpbU/s320/snapshot2.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5097810209476446306" /></a><br />Loaded Kubuntu on my laptop and everything seems to work out of the box :)http://gviz.blogspot.com/2007/08/linux-for-humans.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-2706003440966791228Sun, 29 Jul 2007 16:32:00 +00002007-07-29T10:55:25.969-07:00<p><a href="http://www.siteadvisor.com/quizzes/phishing_0707/">http://www.siteadvisor.com/quizzes/phishing_0707/</a></p>http://gviz.blogspot.com/2007/07/phishing-quiz.htmlnoreply@blogger.com (Unknown)0tag:blogger.com,1999:blog-7865284935253612822.post-3150833969090893680Fri, 20 Jul 2007 12:04:00 +00002007-07-29T10:22:32.093-07:00Blog("Hello Blogging")http://gviz.blogspot.com/2007/07/hello-blogging.htmlnoreply@blogger.com (Unknown)0