April 19th, 2007 at 11:04 am
==Phrack Inc.==
Volume 0x0b, Issue 0x3e, Phile #0x06 of 0x10
|=-----------------------------------------------------------------------=|
|=---------------=[ Kernel-mode backdoors for Windows NT ]=--------------=|
|=-----------------=[ firew0rker <firew0rker@nteam.ru> ]=----------------=|
|=----------------=[ the nobodies <http://www.nteam.ru> ]=---------------=|
--[ Table of contents
1 - PREFACE
April 16th, 2007 at 8:28 pm
When you develop an add-in for Excel 2003, you will get this link error message if you simply import the type library.
The error occurs because some IIDs are redefined in mso.olb.
How to solve it? There are two ways:
1. Rename the conflicting name.
For example, rename("DiagramNode", "MSODiagramNode") in the #import directive.
2. If you won't use that object, you can simply exclude it.
Following is the correct import declaration:
April 15th, 2007 at 2:29 am
BSOD …
BSOD again …
My poor filter driver!
I don't know why it fails, because it is almost the same as the sample from MS (I commented out all of my own code).
I have to debug it. Fortunately, I have a VM …
1. Right-click "My Computer", Properties -> Advanced -> "Startup and Recovery" -> "Settings", and set the dump type and path.
2. Load my driver … the blue screen comes again … restart …
April 12th, 2007 at 7:27 pm
April 9th, 2007 at 2:59 pm
1. Use CreateFileMapping and MapViewOfFile to create a file mapping;
2. Use GetMappedFileName to get the file name.
Following is an example from MSDN.
For remote files, it prints the device name returned by the function.
For local files, it converts the path to use a drive letter and prints the path.
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <psapi.h>
#define BUFSIZE 512
April 4th, 2007 at 1:17 pm
1. Why do we need to allocate memory ourselves?
In a kernel driver function, you had better allocate memory yourself instead of defining a local variable.
For example, if you need to use a struct _STRUCT_TEST, you should write:
_STRUCT_TEST* pTest = ExAllocatePoolWithTag(NonPagedPool,         /* pool type */
                                            sizeof(_STRUCT_TEST), /* size in bytes */
                                            YOUR_FLAG);           /* 4-byte pool tag */
/* ExAllocatePoolWithTag returns NULL on failure; check pTest before using it. */
But not:
April 2nd, 2007 at 1:08 pm
KeBugCheck(POWER_FAILURE_SIMULATE);
Now, I know what you’re thinking, but you’re wrong. This will *not* bugcheck the machine. It will actually call HalReturnToFirmware(HalRebootMachine), right after processing bugcheck callbacks. No BSOD, no crash dump, just a clean, simple, immediate reboot.
Another method
April 1st, 2007 at 2:29 pm
A file whose extension is bat (under NT/2000/XP/2003 it can also be cmd) is a batch file.
==== Note =======================================
.bat is the batch file of DOS.
.cmd is another kind of batch file for the NT-kernel command-line environment.
From a broader point of view, Unix shell scripts, as well as text in other operating systems or even applications that is interpreted and executed by a shell, serve a purpose very similar to batch files, and are likewise interpreted and executed line by line by a dedicated interpreter; the more general name for this kind of text is a scripting language. So, to some degree, batch, Unix shell, awk, BASIC, Perl and other scripting languages are all the same, differing only in their range of application and the platform that interprets them. Some applications even still use the name "batch processing", although their content and extension are completely different from DOS batch files.
===================================
First of all, a batch file is a text file, and every line of this file is a DOS command (most of the time just like the command lines we execute at the DOS prompt). You can use any text editing tool, such as Edit under DOS or Windows Notepad, to create and modify batch files.
==== Note ===================
Batch files can perfectly well use non-DOS commands, and can even use ordinary data files that have no executable property; this is due to the involvement of the Windows system as a new interpreting platform, which has made the application of batch files more and more "marginal". So the batch processing we discuss should be restricted to the DOS environment or the command-line environment; otherwise many concepts and settings would need fairly large changes.
========================
March 31st, 2007 at 4:54 pm

This is an interesting and impressive movie from 2006. It is a low-cost movie with no stars, but it is really good!
Mr. Hoover
A loser, although he wrote a book: "9 steps to become a winner".
Mrs. Hoover
A housewife who is very busy but cannot even cook a good meal.
The grandpa
A drug user who likes strippers and porn.
Frank
Mrs. Hoover's brother. A professor, gay, in love with his student. After he failed to end his life, he lives with the Hoover family.
Dwayne
The son. Hates everything but Nietzsche. Wants to become a jet pilot.
Olive
The daughter. Fat and short-sighted, dreaming of winning the beauty contest's crown.
Favorite Thing #1: Chat on a pier

FROM THE SCRIPT:
Dwayne:
“Sometimes I wish I could just go to sleep until I was eighteen. Just skip all this crap — high school and everything. Just skip it…”
Frank:
“Y’ever hear of Marcel Proust?”
Dwayne:
“He’s the guy you teach?”
Frank:
"Yeah. French writer. Total loser. Never had a real job. Unrequited love affairs. Gay. Spent twenty years writing a book almost no one reads. But… he was also probably the greatest writer since Shakespeare. Anyway, he gets down to the end of his life, he looks back and he decides that all the years he suffered — those were the best years of his life. Because they made him who he was. They forced him to think and grow, and to feel very deeply. And the years he was happy? Total waste. Didn't learn anything."
Dwayne grins.
Frank:
"So, if you sleep until you're eighteen… (Scoffs.) Think of the suffering you'll miss!"
After that they both put on T-shirts Frank bought them that say "LOSER" in big block letters.
Later, when events go awry at the pageant, Richard, Frank, Dwayne and Sheryl join Olive on stage and boogie right alongside her, making her feel like the winner she already is.
Just goes to show what family is all about, doesn't it?
March 27th, 2007 at 5:10 pm
SoftICE is one of the best debugging tools, but unfortunately Skype is not compatible with it.
(Damned Skype!!!) So the best way to use SoftICE is inside a VM.
Usage:
1. Modify VMware's configuration file (*.vmx). Add two lines:
vmmouse.present = "FALSE"
svga.maxFullscreenRefreshTick = "5"
2. Create the same directory as the one on your host machine where your source code lives, and place your source code in it.
3. Use "Symbol Loader" to open your binary (for example SFilter.sys, a file system filter driver, debug version), then click "Module->Translate" to create the symbol file. Finally, load the symbols.
4. Press Ctrl+D to invoke SoftICE and set a breakpoint.
5. When SoftICE breaks, you can see the source code in SoftICE's window.