of page 8 - Dave's Blog

Search
My timeline on Mastodon

Retweet of SwiftOnSecurity

2016 Feb 16, 5:06
#MustRead Apple CEO Tim Cook's letter to customers on FBI's request for assistance hacking an iPhone 5c http://www.apple.com/customer-letter/ …
PermalinkComments

Retweet of erewok

2016 Feb 16, 5:22
This guy sped by me on the freeway. Had a strong feeling this was a Unicode codepoint. In my gut I knew what it was. pic.twitter.com/4B3oHSXXAi
PermalinkComments

Tweet from David_Risney

2016 Feb 16, 2:06
OK Go's beef with YouTube led to latest video release on Facebook: http://www.adweek.com/news/technology/why-ok-go-went-facebook-only-debut-its-buzzy-zero-gravity-music-video-169599 …
PermalinkComments

Retweet of FakeUnicode

2016 Feb 12, 7:25
> typeof NaN 'number' > (╯°□°)╯︵ ┻━┻) ...
PermalinkComments

Retweet of BetaHorton

2016 Feb 12, 1:52
I want to live in a world where coding is as awesome as it appears in the movies #Hackers #NeedASkateboard pic.twitter.com/ai1JkrarTH
PermalinkComments

Retweet of CNNnewsroom

2016 Feb 11, 11:54
That time @BernieSanders & @realDonaldTrump joined @BrookeBCNN live on her set (kinda) h/t @TonyAtamanuik @JAdomian
PermalinkComments

Retweet of Ghostbusters

2016 Feb 11, 11:08
Whether you have a date or not, the world ends on Valentine's Day. Bummer. #Ghostbusters
PermalinkComments

Retweet of amirrajan

2016 Feb 11, 6:46
Somebody please make this text based game a reality. https://medium.com/@pistacchio/i-m-a-web-developer-and-i-ve-been-stuck-with-the-simplest-app-for-the-last-10-days-fb5c50917df#.7bbx2ziut … pic.twitter.com/NbcuQukO1T
PermalinkComments

Retweet of AndyPavia

2016 Feb 11, 1:33
@k_seks @jarennert Using FaceDetect on a Raspberry Pi #WebOnPi #IoT #windows10 @MSEdgeDev pic.twitter.com/Qk2PyoedBP
PermalinkComments

Retweet of SwiftOnSecurity

2016 Feb 10, 11:21
The speed of light suuuuuucks
PermalinkComments

Tweet from David_Risney

2016 Feb 10, 9:56
OK Go is in vomit comet for new video: http://boingboing.net/2016/02/11/ok-gos-new-video-was-shot-in.html …. Looks amazing but I'm constantly worried plane is about to pull up.
PermalinkComments

Retweet of stevefaulkner

2016 Feb 10, 4:57
Chrome change breaks the visual viewport http://www.quirksmode.org/blog/archives/2016/02/chrome_change_b.html … by @ppk via @powrsurg
PermalinkComments

Tweet from David_Risney

2016 Feb 10, 10:20
Internet Archive adds Win3.1 software. http://blog.archive.org/2016/02/11/internet-archive-does-windows-hundreds-of-windows-3-1-programs-join-the-collection/ … Ah the memories. Makes me want to edit my win.ini & config.sys
PermalinkComments

Retweet of mayabielinski

2016 Feb 9, 9:20
Gender bias on GitHub: women's contributions accepted more often than men's - except when gender is identifiable. https://peerj.com/preprints/1733/ 
PermalinkComments

Retweet of SaraGamerKitty

2016 Feb 8, 5:09
The reason Spider-Man was not in Civil War teaser. pic.twitter.com/vcqCviurYj
PermalinkComments

Retweet of doctorow

2016 Feb 8, 5:08
A digital, 3D printed sundial whose precise holes cast a shadow displaying the current time https://boingboing.net/2016/02/09/a-digital-3d-printed-sundial.html … pic.twitter.com/zTSRoXL9a7
PermalinkComments

Cdb/Windbg Commands for Runtime Patching

2016 Feb 8, 1:47

You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.

Skipping code

If you want to skip a chunk of code you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to point to the address at the end of the code to skip and go. Voila you're skipping over that code now. For example:

bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"

Changing parameters

You may want to modify parameters or variables and this is simple of course. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run its as if no one is passing in that flag.

bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"

Slightly more difficult is to modify string values. If the new string length is the same size or smaller than the previous, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory and ezu to write a string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:

.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000

Calling functions

You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.

PermalinkCommentscdb debug technical windbg

Tweet from David_Risney

2016 Feb 7, 9:13
Pretty shredded polygons in html & js https://www.clicktorelease.com/code/polygon-shredder/ …
PermalinkComments

Tweet from David_Risney

2016 Feb 4, 10:16
My notes and experience with LetEncrypt on my NearlyFreeSpeech hosted blog: https://deletethis.net/dave/2016-02/Let%27s+Encrypt+NearlyFreeSpeech.net+Setup …. TLDR:difficulty 4/10
PermalinkComments

Retweet of securinti

2016 Feb 4, 6:11
[WRITE-UP] A tale of two offline @google Chrome UXSS vulns!http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/ … pic.twitter.com/USZmlbVy2M
PermalinkComments
Older EntriesNewer Entries Creative Commons License Some rights reserved.