address - Dave's Blog

Search

Tweet from Jen Gentleman 🌺

2016 Oct 8, 2:19
In case you were wondering: Yes, the new address bar that was added to RegEdit supports Alt+D to set keyboard focus 😊
PermalinkComments

Cdb/Windbg Commands for Runtime Patching

2016 Feb 8, 1:47

You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.

Skipping code

If you want to skip a chunk of code you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to point to the address at the end of the code to skip and go. Voila you're skipping over that code now. For example:

bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"

Changing parameters

You may want to modify parameters or variables and this is simple of course. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run its as if no one is passing in that flag.

bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"

Slightly more difficult is to modify string values. If the new string length is the same size or smaller than the previous, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory and ezu to write a string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:

.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000

Calling functions

You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.

PermalinkCommentscdb debug technical windbg

Tweet from David_Risney

2015 Aug 4, 3:08
Very helpful site to determine which channels you're likely able to receive OTA based on your address or zip code: http://gomohu.com/xbox/ 
PermalinkComments

Super Mario World “Completed” in Under 3 Minutes by Corrupting the RAM | minimaxir

2013 Apr 3, 4:46

This is essentially an AV exploit against Super Mario World that results in running the end game code. Watch the video. “…there’s a glitch that’s been known for a while, where Yoshi can end up in the “I have an item in my mouth” state, but not actually have an item in his mouth. When he spits out this nothingness, the game crashes. …That address did not contain code, and so the system crashed. But wait a second. What if, by some sheer coincidence, that address did contain code? The specific address dropped him in somewhere amongst various data for the game’s internal random number generator, and the random number generator can be manipulated in a TAS. Could the game be coerced into running arbitrary code?…”

PermalinkCommentshumor game hack mario

Windows Remote Desktop via Internet

2012 Dec 7, 2:04
To setup my home Windows dev box to be accessible from outside I followed two main steps:
Last time I had to do this there was a service named dynamicdns.org which seems to still exist but no longer appears to be free. Instead I used dnsdynamic.org which is free and has a web API as well as links to and instructions for setting up native tools to dynamically update my IP address.
PermalinkComments

I'm an American and I want to watch the Olympics. What do I do? (iamnotaprogrammer.com)

2012 Jul 28, 12:05

One persons quest to watch the Olympics online.

The location requirements (guessed at via IP address) are irritating. The requirement that you have a particular cable subscription to view video online seems like not network neutrality.

Also this related article:

http://techcrunch.com/2012/07/27/nbc-olympic-opening-ceremony/

PermalinkCommentsolympics video internet web

Changing Windows Live IDs

2012 Jun 6, 2:54

Use of my old Hotmail account has really snuck up on me as I end up caring more and more about all of the services with which it is associated. The last straw is Windows 8 login, but previous straws include Xbox, Zune, SkyDrive, and my Windows 7 Phone. I like the features and sync'ing associated with the Windows Live ID, but I don't like my old, spam filled, hotmail email address on the Live ID account.

A coworker told me about creating a Live ID from a custom domain, which sounded like just the ticket for me. Following the instructions above I was able to create a new deletethis.net Live ID but the next step of actually using this new Live ID was much more difficult. My first hope was there would be some way to link my new and old Live IDs so as to make them interchangeable. As it turns out there is a way to link Live IDs but all that does is make it easy to switch between accounts on Live Mail, SkyDrive and some other webpages.

Instead one must change over each service or start over depending on the service:

Xbox
In the Xbox 360 system menu you can change the Live ID associated with your gamertag. This worked fine for me and I got an email telling me about the transfer of my Microsoft Points.
Zune
There's no way to do this for the Zune specifically, however changing over your Xbox account also transfers over all your Zune purchased content. I don't have a Zune Pass so I can't confirm that, but all of my previously purchased television shows transferred over successfully.
Windows 7 Phone
To change the main Live ID associated with your phone, reset your phone to factory default and start over. All purchased applications are lost. Had I purchased any applications I would have been pissed, but instead I was just irritated that I had to reset my phone.
Mail
I don't use my Hotmail account for anything and it only sits and collects spam. Accordingly I didn't attempt switching this over.
SkyDrive
I didn't have much in my SkyDrive account. I downloaded all files as a zip and then manually uploaded them to the new account.
PermalinkCommentshotmail domain win8 skydrive technical windows live-id

Alternate IPv4 Forms - URI Host Syntax Notes

2012 Mar 14, 4:30

By the URI RFC there is only one way to represent a particular IPv4 address in the host of a URI. This is the standard dotted decimal notation of four bytes in decimal with no leading zeroes delimited by periods. And no leading zeros are allowed which means there's only one textual representation of a particular IPv4 address.

However as discussed in the URI RFC, there are other forms of IPv4 addresses that although not officially allowed are generally accepted. Many implementations used inet_aton to parse the address from the URI which accepts more than just dotted decimal. Instead of dotted decimal, each dot delimited part can be in decimal, octal (if preceded by a '0') or hex (if preceded by '0x' or '0X'). And that's each section individually - they don't have to match. And there need not be 4 parts: there can be between 1 and 4 (inclusive). In case of less than 4, the last part in the string represents all of the left over bytes, not just one.

For example the following are all equivalent:

192.168.1.1
Standard dotted decimal form
0300.0250.01.01
Octal
0xC0.0XA8.0x1.0X1
Hex
192.168.257
Fewer parts
0300.0XA8.257
All of the above

The bread and butter of URI related security issues is when one part of the system disagrees with another about the interpretation of the URI. So this non-standard, non-normal form syntax has been been a great source of security issues in the past. Its mostly well known now (CreateUri normalizes these non-normal forms to dotted decimal), but occasionally a good tool for bypassing naive URI blocking systems.

PermalinkCommentsurl inet_aton uri technical host programming ipv4

URI Percent Encoding Ignorance Level 0 - Existence

2012 Feb 10, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping). The basest ignorance is with respect to the mere existence of percent-encoding. Percents in URIs are special: they always represent the start of a percent-encoded octet. That is to say, a percent is always followed by two hex digits that represents a value between 0 and 255 and doesn't show up in a URI otherwise.

The IPv6 textual syntax for scoped addresses uses the '%' to delimit the zone ID from the rest of the address. When it came time to define how to represent scoped IPv6 addresses in URIs there were two camps: Folks who wanted to use the IPv6 format as is in the URI, and those who wanted to encode or replace the '%' with a different character. The resulting thread was more lively than what shows up on the IETF URI discussion mailing list. Ultimately we went with a percent-encoded '%' which means the percent maintains its special status and singular purpose.

PermalinkCommentsencoding uri technical ietf percent-encoding ipv6

I Know What You Downloaded on BitTorrent… (torrentfreak.com)

2011 Dec 10, 6:49

Public site that tracks who (by IP address) downloads what and lets anyone view this.

PermalinkCommentsprivacy torrent technical

Bug Spotting: Smart pointers and parameter evaluation order

2011 Oct 19, 5:58
The following code works fine. I have a ccomptr named resolvedUri and I want to update its hostname so I do the following:
        CreateIUriBuilder(resolvedUri, 0, 0, &builder);
builder->SetHost(host);
builder->CreateUri(0xFFFFFFFF, 0, 0, &resolvedUri);


But the following similar looking code has a bug:
    ResolveHost(resolvedUri, &resolvedUri);


The issue is that doing &resolvedUri gets the address of the pointer but also clears out the pointer due to the definition of my smart pointer class:
    operator T**()  
{
T *ptrValue = mPtrValue;
mPtrValue->Release();
mPtrValue = NULL;
return &ptrValue;
}


In C++ there’s no guarantee about the order in which parameters for a function or method are evaluated. In the case above, &resolvedUri clears out the ccomptr before evaluating resolvedUri.Get() and so ResolveHostAlias gets a nullptr.

An interesting and related thread on stack overflow on undefined behavior in C++.
PermalinkCommentsc++ technical bug programming smart-pointer cpp

LulzSec manifesto: "We screw each other over for a jolt of satisfaction"

2011 Jun 20, 2:09"Why did the hackers at Lulz Security ("LulzSec") invade Sony Pictures websites, take down cia.gov, and release 60,000+ e-mail addresses and passwords? For the lulz, of course—but what might look lulzy to one person could certainly enrage another. In honor of its 1,000th tweet, the witty wankers of LulzSec released a manifesto of sorts, defending their actions to the angry Internets."PermalinkCommentsinternet security privacy hack technical

draft-denog-v6ops-addresspartnaming-03 - Naming IPv6 address parts

2011 Apr 6, 3:52Humorous quote from the doc: "While we readily agree that the naming of IPv6 address parts is not the most pressing concern the Internet is facing today, a common nomenclature is important for efficient communication."PermalinkCommentshumor technical ipv6 name documentation ietf rfc

Berners Street Hoax - Wikipedia, the free encyclopedia

2010 Dec 6, 12:17Ye olde DoS: "The Berners Street Hoax was perpetrated by Theodore Hook in the City of Westminster, London, in 1809. Hook had made a bet with his friend, Samuel Beazley, that he could transform any house in London into the most talked-about address in a week, which he achieved by sending out thousands of letters in the name of Mrs Tottenham, who lived at 54 Berners Street, requesting deliveries, visitors, and assistance."PermalinkCommentshumor history prank

Urban Speaker, A Remote Public Address Art Installation

2010 Oct 6, 2:31PermalinkCommentsart qrcode qr sign phone cellphone

Access Hulu from Outside the U.S. Without a Proxy Server

2010 Jul 12, 7:11How to get around Hulu's physical location filtering: Use something like Fiddler to add the X-Forwarded-For header that HTTP proxies with an IP address associated with a phyiscal location you desire and block your port 1935 which Flash uses for RTMP (see http://kb2.adobe.com/cps/164/tn_16499.html)PermalinkCommentshulu proxy security tv howto technical

Google and Outlook Calendar Sync'ing

2010 Jul 8, 9:00
I previously described my desire to hook my Outlook calendar up to my Google calendar. I just found out that I can do this and the reverse as both support publishing calendars to the Internet. The following are how I set this up under Outlook 2010 and Google Calendar:

In Outlook, I go to the calendar view, right click on my calendar and select "Share Publish to Office.com". At this point I can change the permissions to allow anonymous Internet access, and under Detail change between 'Full details' (full calendar), 'Limited details' (subject lines & availability only), 'Availability only'. Availability only is almost just what I want -- I'd also like to include location but availability only is good enough. After hitting OK here I get a 'Do you want to send an invitation...' dialog box. I hit 'Yes' and I can copy the webcals:// URL out of the email window that opens up. Next, to add it to my Google calendar, I open http://www.google.com/calendar/, and under 'Other calendars', I select 'Add Add by URL', paste in that webcals:// URL but change the 'webcals' at the start to 'https'.

In Google Calendar, I can click on my calendar name under 'My calendars', select 'Calendar settings', and on the new page, look under 'Calendar Address', click the ICAL icon, and copy the URL in the new dialog. Now back in Outlook I go to the Calendar view, right click on 'My Calendars', and select 'Add Calendar From Internet...'. In the new dialog that pops up I paste in the URL from Google Calendar.

In this fashion I can share public calendar data between my personal and work calendars.
PermalinkComments

WebSandbox - Microsoft Live Labs

2010 May 6, 7:16"Today web gadgets, mashup components, advertisements, and other 3rd party content on websites either run with full trust alongside your content or are isolated inside of IFrames. As a result, many modern web applications are intrinsically insecure, often with unpredictable service quality. Live Labs Web Sandbox addresses this problem."PermalinkCommentsweb browser web-sandbox technical javascript html windows live security sandbox microsoft silverlight

RFC 5735 - Special Use IPv4 Addresses

2010 Jan 15, 7:05Section 4 has a summary table with all the various special use IPv4 address blocks.PermalinkCommentsreference rfc ipv4 ip internet ietf

IANA — .ARPA Zone Management

2010 Jan 15, 3:19"The .arpa domain is the “Address and Routing Parameter Area” domain and is designated to be used exclusively for Internet-infrastructure purposes. It is administered by the IANA in cooperation with the Internet technical community under the guidance of the Internet Architecture Board. For the management guidelines and operational requirements of the .arpa domain, see RFC 3172."PermalinkCommentstechnical arpa dns domain zone internet rfc reference iana
Older Entries Creative Commons License Some rights reserved.