четверг, 29 ноября 2012 г.

wincheck rc8.32

Download mirror
Changelog:
  • add dumping some internals of ci.dll (like g_CiOptions & g_CiKernelApis). Thanks to Alex Ionescu for this idea
  • add dumping of BootEnvironmentInformation (5th dword from ExpBootEnvironmentInformation used in many interesting functions like SepIsMinTCB, he-he)
  • add dumping of EPROCESS.SignatureLevel & EPROCESS.SectionSignatureLevel (w8 only)
  • some bugs were fixed

суббота, 24 ноября 2012 г.

wincheck rc8.31

Download mirror
Changelog:
  • fixed all places where -nopads option gave false positives (f.e. when need to check table/data instead of function address)
  • fixed bad definition of NDIS_MINIPORT_INTERRUPT on w7 64bit
  • fixed message "Unknown kernel ntoskrnl.exe, StartAddress 390, IrpList 3F0, StackLimit 30, StackBase 278". It seems that in w7 sp1 64bit somewhere between 6.1.7601.17514 & 6.1.7601.17944 structure ETHREAD was changed
  • some bugs were fixed

пятница, 23 ноября 2012 г.

Algorithms Sequential and Parallel

This book is standard of "strategy of default". Some real quotes (page 211):
It should be noted that the running time of this algorithm can be reduced to O(log n log log n) by applying some techniques that are outside the scope of this text. In addition, the problem can also be solved by first sorting the elements in Θ(log n) time and then selecting the required element in Θ(1) time. This Θ(log n) time sorting routine is also outside the scope of this book. In fact, Θ(n) optimal-cost algorithms for the selection problem on a PRAM are known. These algorithms are also outside the scope of this text.
What I must do if I really need this out of scope algos & techniques ?

вторник, 20 ноября 2012 г.

wincheck rc8.30

Download mirror
Changelog:
  • add -nopads option to not include section padding for addresses analysis. Thanks to Cr4sh for this idea
  • add shortcut option -full to make all kernel checks with one option
  • fixed some wrong function names for W32pServiceTable
  • some bugs were fixed

четверг, 15 ноября 2012 г.

wincheck rc8.29

Download mirror
Changelog:
  • add g_CiEnabled & g_CiCallbacks checking
  • add dumping of ole32.dll security info (gAuthnLevel etc) - works only for 32bit processes
  • some bugs where fixed

How to Design Programs

I finished reading of this book today
IMHO it`s totally useless book in the same row with Design Patterns and Clean Code
  • The book about recursive functions even does not refer to master theorem ! Epic fail
  • It seems that functional style of thinking has some serious problems. For example task from chapter 41.3 can be easily solved without incapsulating list of cards inside closure - you just need to swap old first card to the second position:
    (local ((define old-card (make-hand (hand-rank a-hand) (hand-suite a-hand) (hand-next a-hand))))
    (begin (set-hand-rank! a-hand rank)
           (set-hand-suite! a-hand suite)
           (set-hand-next! a-hand old-card))) 
Also this books won`t teach you how to program with scheme bcs it doesn't describe
  • macros
  • lazyness
  • errors processing
  • continuation
  • hash tables
  • etc etc

суббота, 3 ноября 2012 г.

pyside for ida pro 6.3 - part 2

Finally I built it !
I already posted patch for shiboken
This is patch for pyside from GIT: