Archive for the 'Programming' Category

Bash bash bash

Yes, indeed bash has become my favorite shell. Not only is it so versatile, but some of those advanced features make it best-suited for almost any task you’ll ever face on a console. And if it is not enough for a particular task, a simple perl -e or a few of those typical POSIX utilities such as find, awk, tr, cut, cat, grep, tar, bzip2, gzip and so on in a row piping output from one to the other will do wonders.

Besides, the subshells you can create on demand with backticks or $(commands) are wonderful when used in conjunction with SSH to pipe input to and from a remote SSH session. Yes, scrap SCP and SFTP; SSH can do without them. In fact I built a little (bash) script at FRISK, which can be used to deploy certain files to all target systems and then even execute commands there. SSH authentication via a public/private key pair can be so useful if you have a distributed build system ;)
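The following script is an added example of the technique described above; it is not the FRISK deployment script and not code from the original post. It streams a directory tree through a pipe into whatever shell runs on the target (tar on both ends, no SCP/SFTP), runs a command there once the unpack succeeded, and then uses a $(...) subshell to fetch a content fingerprint from the target and compare it with the local one. The REMOTE_SH variable, the ssh command line in the comments, all host/user/key names and all paths are placeholders; by default REMOTE_SH runs a local shell so the functions can be exercised without an SSH target.

```shell
#!/usr/bin/env bash
# Added example (not the original post's script): deploy a tree over the
# shell that runs on the target, run a post-deploy command, verify the copy.
#
# REMOTE_SH is the command that gives us a shell on the target, e.g.
#   REMOTE_SH="ssh -i ~/.ssh/deploy_key build@buildbox.example"   (placeholders)
# The default runs a local shell so everything below works offline.
REMOTE_SH="${REMOTE_SH:-sh -c}"

# Content fingerprint of a tree: checksum over all regular files in a fixed
# order. Kept as a string so the very same command runs locally and remotely.
FINGERPRINT_CMD='find . -type f | LC_ALL=C sort | xargs cat | cksum'

# deploy_tree SRC DEST [POST_CMD]
# Pack SRC locally, stream it through the pipe, unpack it into DEST on the
# target and finally run POST_CMD inside DEST (only if the unpack succeeded).
deploy_tree() {
    local src=$1 dest=$2 post_cmd=${3:-true}
    tar -C "$src" -cf - . |
        $REMOTE_SH "mkdir -p '$dest' && tar -C '$dest' -xf - && cd '$dest' && $post_cmd"
}

# verify_tree SRC DEST: 0 when the local and the deployed tree have the same
# file contents. The remote fingerprint comes back through a $(...) subshell.
verify_tree() {
    local src=$1 dest=$2 local_fp remote_fp
    local_fp=$(cd "$src" && eval "$FINGERPRINT_CMD")
    remote_fp=$($REMOTE_SH "cd '$dest' && $FINGERPRINT_CMD")
    [ "$local_fp" = "$remote_fp" ]
}

# Self-contained demonstration on constructed input: two files, deploy with a
# post command, verify, then tamper with the copy and check that this is caught.
demo_deploy() {
    local work
    work=$(mktemp -d)
    mkdir -p "$work/src/bin"
    printf '#!/bin/sh\necho hello from the deployed tree\n' > "$work/src/bin/run.sh"
    printf 'version=1\n' > "$work/src/release.txt"
    deploy_tree "$work/src" "$work/dest" 'chmod +x bin/run.sh' || return 1
    [ -x "$work/dest/bin/run.sh" ] || return 1          # post command ran
    verify_tree "$work/src" "$work/dest" || return 1     # contents identical
    echo tampered >> "$work/dest/release.txt"
    if verify_tree "$work/src" "$work/dest"; then return 1; fi   # must differ now
    rm -rf "$work"
    echo "deploy and verification OK"
}

demo_deploy
```

The destination path and the post command are spliced into the command line the target shell executes, so this is meant for paths and commands you control, not for values taken from untrusted input. For a real target, pair the deploy key with a restricted `command=` entry in the target's authorized_keys so the key can only run the deploy shell, not an interactive login.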

Anyway, I recently showed what nice things you can do with Bash by “hooking” a script that you wouldn’t otherwise want to modify. Now it’s time to reveal what my .bashrc looks like. Note that I use the same .bashrc for my own account and for the super user, so some of the code is simply never called when running as a normal user. I hope this will help others to create their own customized version of .bashrc.

Download my .bashrc here

// Oliver

Let me get this straight: DDKWizard uses DDKBUILD (and hence uses DDK/WDK build.exe)

Today, searching for references to DDKWizard, I found that several people have posted misleading information in response to others recommending DDKWizard. For the most part they recommend using the DDK/WDK build environment instead. Bravo. That’s just what DDKWizard does, except that DDKWizard makes it a breeze to create and configure such projects. The magic behind DDKWizard is not the Visual Studio compiler and linker but one of the OSR DDKBUILD scripts. This makes projects created with DDKWizard as portable as any other DDK/WDK project, but leaves the developer the option of working on the project conveniently from within the Visual Studio IDE.

So no worries: using DDKWizard will not use the Visual Studio compiler and linker (something Microsoft advises against when developing drivers), but the DDK/WDK build environment instead.

Feedback and project template contributions are generally appreciated.

// Oliver

Congratulations, Remko!

Remko, fellow developer and friend through the common ties to an OSS project, has opened his own website and blog. Take a look. I find the articles up to now most enjoyable. Especially the programming-related stuff ;)

// Oliver

Acquired delphi-jedi.net

A few days ago I registered the domain delphi-jedi.net.

The www and @ aliases point to www.delphi-jedi.org and delphi-jedi.org respectively. Furthermore, a number of subdomains are in the works. If you are a JEDI project administrator and would like simple email forwarding and/or a subdomain under this domain, please contact me (see the Contact link above).

// Oliver

PS: A subdomain could work via an A record (DNS) or via HTTP redirect. Hosting on my server is also possible.

Let’s pimp ‘newvserver’

newvserver is a truly convenient script to create a new vserver and have it largely preconfigured. Too bad it lacks the necessary flexibility … you think? Think twice. Bash gives newvserver the flexibility you need!

Alright, so you figured out that /etc/vservers/newvserver-vars gets sourced by newvserver, but how can that help? Well, since we know that shell functions take precedence over builtins and external commands of the same name, we have to find a strategically nice point in the newvserver script where we can override some command. After some searching I found the vserver call quite fitting. It is made without an explicit path to the vserver script, right after the vserver build command, which is called using the absolute (full) path, so only this later call can be intercepted. So how about creating a function that mimics the behavior of the vserver script under normal circumstances, but does what we want under certain circumstances? :wink:
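The script below is an added example of that mechanism; it is neither the newvserver script nor the author's own hook. It builds a sandbox with a fake `vserver` executable that only logs how it was invoked, a newvserver-vars file that defines a `vserver` function, and a stripped-down stand-in for newvserver that sources the vars file, calls `vserver build` through an absolute path and then `vserver start` by bare name. The log shows which call went through the function and which bypassed it. All paths, the guest name and the build/start arguments are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not newvserver and not the original post's hook): a shell
# function named like a command intercepts bare calls to that command, but
# not calls made through an absolute path, and can fall through to the real
# program with `command`. Everything runs in a temp dir; no util-vserver needed.

setup_sandbox() {
    SANDBOX=$(mktemp -d)
    mkdir -p "$SANDBOX/sbin" "$SANDBOX/etc/vservers"

    # Stand-in for /usr/sbin/vserver: just records its arguments.
    cat > "$SANDBOX/sbin/vserver" <<'EOF'
#!/bin/sh
echo "real vserver: $*" >> "${VSERVER_LOG:?}"
EOF
    chmod +x "$SANDBOX/sbin/vserver"

    # The file newvserver sources. Defining a function called `vserver` here
    # makes every unqualified `vserver ...` call in newvserver land here first.
    cat > "$SANDBOX/etc/vservers/newvserver-vars" <<'EOF'
vserver() {
    if [ "$2" = start ]; then
        echo "hook: customizing guest $1 before first start" >> "$VSERVER_LOG"
    fi
    command vserver "$@"   # fall through to the real executable found in PATH
}
EOF

    # Stripped-down stand-in for newvserver: source the vars file, build the
    # guest via an absolute path, then start it via the bare command name.
    cat > "$SANDBOX/sbin/newvserver" <<EOF
#!/bin/sh
. "$SANDBOX/etc/vservers/newvserver-vars"
"$SANDBOX/sbin/vserver" "\$1" build    # absolute path: the function is bypassed
vserver "\$1" start                     # bare name: the function is hit
EOF
    chmod +x "$SANDBOX/sbin/newvserver"

    VSERVER_LOG="$SANDBOX/vserver.log"; export VSERVER_LOG
    PATH="$SANDBOX/sbin:$PATH"; export PATH
}

# Run the stand-in for a guest and check the recorded call sequence:
# build reached the real program directly, start passed through the hook
# exactly once and then reached the real program. Returns 0 on success.
demo_override() {
    local log expected
    setup_sandbox
    newvserver guest1
    log=$(cat "$VSERVER_LOG")
    rm -rf "$SANDBOX"
    expected="real vserver: guest1 build
hook: customizing guest guest1 before first start
real vserver: guest1 start"
    printf '%s\n' "$log"
    [ "$log" = "$expected" ]
}

demo_override
```

Two things worth keeping in mind before using this on a real system: the function only sees calls that do not spell out the path (so any later `/usr/sbin/vserver ...` in the script still bypasses it), and whatever the vars file defines runs with newvserver's privileges, i.e. as root, so /etc/vservers/newvserver-vars must be owned by root and not writable by anyone else.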
Continue reading ‘Let’s pimp ‘newvserver’’

For archival purposes

To be able to install Visual Studio 2003 without prerequisites, start the setup.exe from the setup subfolder with the following parameter:
/NO_BSLN_CHECK

A complete command line would look like this:
N:\setup\setup.exe /NO_BSLN_CHECK

// Oliver

The day we put Windows under GPL

A few weeks ago some people were trying to convince me (but they didn’t manage to) that any program that loads a library (i.e. binary) which is under GPL has to be under GPL automatically as well. Now, this viral nature of the GPL is what sucks most with the GPL and that’s the reason I try to avoid it in most cases - and in fact I am going to cancel distribution of one of my programs under GPL and will make it available under a more liberal license.
Continue reading ‘The day we put Windows under GPL’

DDKBUILD.BAT updated

OSR just updated their DDKBUILD.BAT to version 6.11! If you use this script, I recommend updating.

As usual, available either at OSR Online or at the DDKWizard homepage.

// Oliver

comdef.h in the WNET DDK is flawed

#if defined(_COM_SMARTPTR)
 #if !defined(_COM_SMARTPTR_TYPEDEF)
  #if defined(_COM_SMARTPTR_LEVEL2)

The error was:
comdef.h(266) : error C2004: expected ‘defined(id)’
comdef.h(266) : error C1012: unmatched parenthesis : missing ‘)’

// Oliver

Getting the SIDT base address with Delphi

function GetSIDTBaseAddress: DWORD; assembler;
asm
  sub esp, 8                 // reserve scratch space; the 32-bit IDTR is 6 bytes (16-bit limit, 32-bit base)
  sidt qword ptr [esp]       // store IDTR there: limit at [esp], base address at [esp+2]
  mov eax, dword ptr [esp+2] // base address into EAX, which is the function result
  add esp, 8                 // release the scratch space
end;

… or if the sidt opcode is unknown:
Continue reading ‘Getting the SIDT base address with Delphi’

DDKBUILD.CMD fix for RC2 (makes RC3)

Hey. For those among you who have actually updated to RC2, here is a little fix, if you like manual patchwork. If you prefer the easy way, just download RC3 here. Apologies!

This fix addresses yet another issue that can be traced to the NT script interpreter (cmd.exe): its handling of substring substitution on an empty variable. If the variable is not set, cmd.exe does not evaluate the %VAR:~0,4% expression at all; the expression is left in the line as literal text, and that literal text is what ends up being assigned to the variable. Of course with unpleasant consequences.

Anyway, if you like the manual fix, search for:

set PATH_EXTSHORT=%PATH_EXTSHORT:~0,4%

and replace it with

if not "" == "%PATH_EXTSHORT%" set PATH_EXTSHORT=%PATH_EXTSHORT:~0,4%

// Oliver

DDKWizard 1.1.2 released

It has been almost half a year since DDKWizard was last updated, but now it’s time for one. Some accumulated reports of glitches and issues, especially those that bugged me most in daily use, finally got me to update the wizard. It has been almost a year since the very first version of DDKWizard was released to the public, and it seems that at least part of the driver community has actually adopted it as a convenient way to create driver (and other) projects inside Visual Studio.

Besides many small changes and fixes, this release changes one file name: the notorious CustomVars.vsprops becomes <ProjectName>.vsprops. Furthermore, the manual has been updated, and DLL and CUI projects can now also contain a message file (.mc), which was offered before but didn’t work properly until this version.

I hope you enjoy this update. Let me know - here in the blog or via email.

- Direct download
- Project website

// Oliver

PS: Don’t forget to subscribe to the RSS feed, if you are interested in future update notifications. This feed is dedicated to DDKBUILD and DDKWizard.

DDKBUILD release candidate 2 (update #1)

This release fixes minor issues found to cause DDKBUILD.CMD to fail under certain conditions, especially when either the DDK/WDK or the project was located in a folder that contained spaces or that had long (folder/file) names without spaces.
One common example would be:
C:\Program Files\WINDDK

While most of this can be attributed to the setenv.bat script (part of the DDK/WDK), which is flawed, there should have been an easy workaround. It turned out the easiest way could be to use short (i.e. 8.3) file names. However, the NT script interpreter is flawed as well: exactly the part which is supposed to convert long to short file/folder names fails on the extension.

Example: when calling a sub or a script, the parameters get passed as %1 through %x (x being the number of the last parameter). If you use for /?, you can easily see that %~fs1 is supposed to remove the surrounding double quotes from the first parameter, expand it to a full path (including drive letter, folder path, file name and file extension) and return it as a short file name. However, exactly this part is flawed (it looks like the return buffer is not properly zero-terminated), because the extension (if a long folder name part contained a dot) does not get cut off after four characters (including the dot). That means a long path component such as 3790.1830 (well known from the Windows 2003 Server DDK) gets translated to 3790~1.1831830 instead of the expected 3790~1.183.
Continue reading ‘DDKBUILD release candidate 2 (update #1)’

Worth a look (or two)

http://research.microsoft.com/invisible/

DDK BUILD utility and delay loads

Just found it out, although it’s not hard to find if you know where to look. If you put a line such as the following into your SOURCES file, you will be able to make use of the delay-load feature provided by the Microsoft toolchain (which includes the one in the DDK :wink:):

DELAYLOAD=advapi32.dll;user32.dll;shell32.dll

The value is a semicolon-separated list of DLLs. Very useful to make applications quit gracefully on systems for which they weren’t designed (e.g. NT apps on 9x/ME): the loader no longer fails at startup because a listed DLL or one of its imports is missing. The failure is deferred until the first call into that DLL, which gives the application the chance to check for the missing functionality and exit cleanly before ever making that call.

// Oliver

Joanna Rutkowska gets serious ;)

She and a partner, Alexander Tereshkin, have published the source to BluePill, or rather a rewrite called New BluePill (NBP), since Rutkowska’s previous employer owns the rights to the original one:

http://www.bluepillproject.org

The source is a little flawed, at least the version I got. It requires three minor corrections, but I am not sure whether this is an intentional hurdle for script kiddies or a difference between the in-lab source and the one being published. Anyway, it’s not hard at all to figure it out. The source won’t compile with the WNET DDK, though, and presumably won’t compile with even older DDKs either. This means you have to get the Vista WDK or the beta of the 2008 Server WDK. The problem for the WNET DDK seems to be the assembly parts in the source, so this may be possible to fix; however, I didn’t try. The executable is around 50 KiB in size. Obviously it compiles only for AMD64 ;)
Continue reading ‘Joanna Rutkowska gets serious ;)’

IContextMenu::QueryContextMenu

This will be a well-known method name to those of my readers who have ever dealt with context-menu shell extensions. Since I am currently resuming work on my own multi-purpose shell extension, I also searched for resources, and there appears to be a strange misconception about how this method should be used.

Here is the prototype:

HRESULT IContextMenu::QueryContextMenu(
    HMENU hmenu,
    UINT indexMenu,
    UINT idCmdFirst,
    UINT idCmdLast,
    UINT uFlags
);

Continue reading ‘IContextMenu::QueryContextMenu’

No it wasn’t an April Fool’s joke

Michał ‘GiM’ Spadliński, a Polish blogger, wrote in his article “Czy Redpill Joanny Rutkowskiej jest poprawny?” (“Is Joanna Rutkowska’s Redpill correct?”):

Oliver Schneider (a reverse engineer working for F-Prot) published […] an article, dated April 1st, which does not look like an April Fools’ joke at all.

This made me really laugh. No, I have to admit my Polish is not the best (and getting worse for lack of practice), but I could clearly understand the quoted parts and quite a bit more.
Continue reading ‘No it wasn’t an April Fool’s joke’

Battle of the titans?

Ptacek, Lawson and Ferrie, well-known security specialists, have joined up to challenge Rutkowska and prove that her virtualization rootkit BluePill (up to now AMD-specific) is detectable regardless of her claims. The above link leads to her official reply to them.

Rutkowska likes to speak in absolutes, it seems. In one instance I could even falsify one of her claims concerning VMM detection from within a VM using the interrupt descriptor table address as an indicator. This shows she is human like everyone else, but having her own company now and being busy all the time (who isn’t?) she never found the time to respond to my articles :roll:

Anyway, this gets me really excited about who will win the challenge, but Peter Ferrie, being a former FRISK employee, has all my sympathies :mrgreen:

// Oliver

Nice tool from Microsoft.

No, this time it is not a binary file for download. It is a website. I hope you enjoy it as much as I did when a colleague pointed me to it.

This website lets you look up DLL versions, when they were bundled with which product, and so on. Very nice idea.

// Oliver