I've been writing my own PE file packer and I'm stuck at decrypting the code section. So far I've managed to add a new section, crypt the code section, change the entry point so that it runs first my decryption routine, and of course written the decryption routine. The decryption routine is similar to this one Writing a File Infector/Encrypter: Writing the Compiled Stub (3/4), but it's got only a simple xor 7 decryption (most of it is the same I've just changed the decryption routine). As far as I can see in my debugger, the .text (code) section get's decrypted ok but SOMETIMES it stucks in:
call probni-o.__security_init_cookie
(olly dbg say EIP = 0 ), when I say sometimes I mean it, because sometimes it goes ok and my program runs fine, but sometimes not (it goes ok only in a debugger, when I start it normally it won't)
There's also another problem that I've ignored, but don't know if these two problems are linked (probably not); when I add my own section, I've aligned the SizeOfRawData with the section alignment as I've read in a few places, but then my PE file isn't a valid Win32 application, but when I write it without aligning it, it runs ok, so I've ignored it...
Thanks in advance!
Related
I'm working with appBuilder and procedure editor in Progress Release 11.6.
As mentioned in some previous questions, regularly I'm having problems with the appBuilder, not wanting to open files, corrupting them (deleting parts of source code), ..., one of the reasons now seems to be the limit that a procedure cannot exceed 32K, comments included.
At first I thought "Are we back in the stone age?", pardon my reaction.
But now I start thinking that we are completely abusing the whole concept, therefore I'd like to show my view on W-, P- and I-files, please confirm (or correct):
W-files are meant only to contain GUI definitions, like a form with some frames, buttons, fill-in fields, ..., any real programming needs to be done in P-files.
P-files contain the real intelligence: there the procedures and functions are elaborated, that can be used by the rest of the P-files, or finally by the W-files.
I-files are just there to include general behaviour.
Let me give you an example:
W-file:
DEFINE VARIABLE combo_information VIEW-AS COMBOBOX /* with some information on the content, if this is static */
...
ON CHOOSE OF combo_information DO:
RUN very_large_procedure.
END.
...
{about.i} /* see here-after */
...
P-file:
PROCEDURE very_large_procedure:
DO /* a lot */
END.
I-file (about.i):
/* Describes the help-about menu item */
While working like this (only putting the GUI-related things in the W-file and let the "real" programming be done in the P-files), the mentioned 32K limit will never be reached. In top of that, adding a procedure can be done easily, the appBuilder will not delete it as the appBuilder won't ever open the P-file.
Is my view correct (and what about the I-files)?
In case yes: one technical question: how can I launch a procedure from a P-file inside a W-file? (Obviously, the mentioned example can't work as in the W-file I did not mention where to look for the very_large_procedure)
The naming is arbitrary and you may occasionally find other extensions being used. Having said that:
"W" is for "window", it is supposed to contain code that is related to making a GUI work. It is very often abused to contain any sort of code. It is usually abused in that way by people who learned to code on the app builder or who have never coded on anything but Windows.
"P" is for "Progress" and retconned to "Procedure". It was the standard back in the old days prior to the appearance of Windows GUI code. Any "headless" code or character mode code would typically go into a dot-p file.
"I" is for "include". This is a very old school way to create reusable code snippets and common "header files". Include files are commonly parameterized. Potentially with either named or positional arguments.
Another major extension is ".cls" files. These are for OO4GL classes (OpenEdge 10 and above).
Launching procedures is acheived by running them:
RUN myproc.p.
or
RUN guiproc.w.
Or, if by "launch", you mean "start a session" then you use the "-p procedureName" startup parameter along with prowin32.exe or prowin.exe for Windows GUI code or _progres.exe for batch or character code.
So I have ffmpeg writing its progress to a text file, and I need to read the new values (lines) from the said file. How should I approach this using Qt classes in order to minimize the amount of code I have to write?
I don't even have an idea where to start, other than doing ugly things like seeking to the end, storing this pos, then seeking to the end again a bit later and comparing the new pos to the previous one. It's unclear to me if QTextStream can be used here or not, for instance.
I used Win32 API own interface for the file system notification some time ago and that worked 100% reliably. Modern OSes provide us with notifications for the file change. And Qt incorporates such functionality as well. Specifically for the purpose of tracking the file changes I would use QFileSystem::fileChanged signal to start the slot myFileReadNextBuffer() method only in case if the file was changed. But then you would still want to evaluate how many bytes were added by subtracting the previous from the new file length. And there is also relative question here: How to know when and which files are changed in windows filesystem with winapi.
If the file is only growing:
Whether the file is text-based or not I would open it in shared mode and read to the end and read more till the end when the notification received.
I am new to Qt, and I was learning on its Getting Started Page. I want to know what does the following statements mean and why are they required?
In Open function:
if (!file.open(QIODevice::ReadOnly)) {
QMessageBox::critical(this, tr("Error"), tr("Could not open file"));
return;
}
Also in Save function:
if (!file.open(QIODevice::WriteOnly)) {
// error message
}
I was unable to run these functions without these lines. I tried reading about Error Handling in the documentation but couldn't exactly find what do these statements mean.
You can open files for reading and for writing. Using QIODevice::WriteOnly or QIODevice::ReadOnly flags you are specifying mode in which you will open particular file.
But, why does it matter?
Suppose you have one file opened in several instances of different programs, and that there is no such thing as specifying file mode. Now, if every files are reading file - since they all have different pointer to the current position in the file - this is not a problem - since all programs will get the latest and correct information from file. But, if only one programs write something into file - your data will be inconsistent, so other programs will potentially read wrong data.
Intuitive approach would be to send a message to all programs that are attached on this file, so they could update themselves. But - what to do if the file is deleted? Or if there is no possibility to set the proper position in the new data? Also, every program now needs to have interface in order to be notified, and the whole message passing idea can be very slow (aside that it doesn't work).
So - there is simply consensus made - multiple programs can open file for reading - as they will all have the same and consistent data. But, if the only one program is signaling the operating system that it wants to gain write permissions - the file must not be opened in any program - nor for reading - nor for writing! Depending on the implementation, operating system may block the caller until all files are closed, or it can simply ignore the call and send the error information to caller - which is often a better idea, as the program (or the user) can block itself and try again later, or it can simply ask user to save into another destination, or it can send us creepy error message - but it will not be able to write into file.
Last paragraph is describing what is known as multiple readers-single writer technique, so you may want to look it up on the internet or concurrency classes textbooks.
I have an issue regarding mrjob.
I'm using an hadoopcluster over 3 datanodes using one namenode and one
jobtracker.
Starting with a nifty sample application I wrote something like the
following
first_script.py:
for i in range(1,2000000):
print "My Line "+str(i)
this is obviously writing a bunch of lines to stdout
the secondary script is the mrjobs Mapper and Reducer.
Calling from an unix (GNU) i tried:
python first_script| python second_script.py -r hadoop
This get's the job done but it is uploading the input to the hdfs
completely. Just when everything ist uploaded he is starting the
second job.
So my question is:
Is it possible to force a stream? (Like sending EOF?)
Or did I get the whole thing wrong?
Obviously you have long since forgotten about this but I'll reply anyway: No it's not possible to force a stream. The whole hadoop programming model is about taking files as input and outputting files (and possibly creating side effects e.g. uploading the same stuff to a database).
It might help if you clarified what you want to achieve a little more.
However it sounds like you might want the contents of a pipe to be periodically processed, rather than wait until the stream is finished. The stream cant be forced.
The reader of the pipe (your second_script.py) needs break its stdin into chunks, either using
a fixed number of lines like this question and answer, or
non-blocking reads and a preset idle period, or
a predetermined break sequence emitted from first_script.py, such as a 'blank' line consisting of only \0.
I have an odd situation that has only come up in this one orchestration I'm working on.
I have a Receive message come in. I use an Expression shape and write it to a variable "xmlDoc" so I can verify what is in it. I then have a Message Assignment shape where I Load a string of XML to a variable "xmlDoc2" and assign that variable to a second message and write it out so I can verify it. I then have another Expression shape and attempt to write out the first message again and it's apparently been replaced with the second message information.
It's not in a Parallel shape, and the Message Assignment is only building the second message. Between the receive and where I'm seeing this issue, I'm doing a few Decide shapes and building other messages from the Receive message. They all work fine and don't overwrite anything (do the same processes as what I'm trying to do later.)
Anyone seen this before or see something I'm missing?
ETA: The process works a bit like this:
Send Message comes in
xmlDoc = Send Message
xmlDoc.OuterXml is written to a table
xmlDoc2 = "<root><xml></xml></root>"
Second Message = xmlDoc2
xmlDoc2.OuterXml is written to a table
xmlDoc = Send Message <-- What should happen
xmlDoc = Second Message <-- What is happening
I could not reproduce your exact problem but I got close. I think there are some implied statements in your process outline that would be critical for us to understand what's really happening. In any case, I think your BizTalk messages do not get overwritten, but that the XmlDocument variables are.
I think you may have been hit by one of the fundamental confusions a developer coming from a Java or VB6 background encounters when working with C#.
C# is a Managed Language
Please, remember that C# is a managed language, in that it uses a garbage collector to reclaim unused references to objects. The key word here is Reference.
When you write the following lines:
xmlDoc2 = "<root><xml/></root>";
SecondMessage = xmlDoc2;
Basically, you have two references to the same content. Namely, two references xmlDoc2 and SecondMessage which refer to the assigned string.
So, depending upon the code you use to "write out" the XML content of your BizTalk messages, you may be overwriting some references.
Furthermore, if this happens in the context of a Construct shape, you may be inadvertently overwriting the content of the BizTalk message itself.
A Solution?
This problem does not usually manifest itself when working with BizTalk. I personally never encountered this issue.
If you update your original question with the exact code for both Expression shapes and the Assignment shape, I'll update this response with more appropriate guidance.