Archive for the 'Software' Category
Oh, and a hint for everyone who is still grepping through the bash history to find the command he used … well, way back. Try Ctrl+R.
Yeah, hit Ctrl+R when on the console and enter the first few characters of the command line you search in the history. Now let’s say you had multiple entries to cp a file somewhere, then simply use Ctrl+R again to “go back” within the search matches.
BTW: If you ever mistakenly entered a sensitive password on the command line, use export HISTSIZE=0, log out and log back in, and the history will be gone. Of course this erases the whole bash history, so better not enter the password on the command line in the first place.
Oh, and another one. Are you still logging off just to apply the settings of a changed .bashrc or .bash_aliases? Forget about it; use . ~/.bashrc or (which is the same) source ~/.bashrc to apply the variables to your currently running shell session. I expect my readers to be intelligent enough to vary the scheme and apply it to .bash_aliases and, well, other files.
// Oliver
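A gentler alternative to the HISTSIZE=0 trick above, added here as an example that is not part of the original post: drop only the history lines that look like they carry a credential and keep the rest searchable. The pattern list and the sample history file are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. "export HISTSIZE=0" throws away
# the entire history; this removes only the lines that look like they carry a
# credential, so the rest of the history stays searchable with Ctrl+R.

# Patterns for command lines that commonly embed a secret (assumed list;
# extend it for the tools you use).
SECRET_PATTERNS='mysql.* -p[^ ]|--password|PASSWORD=|sshpass -p|curl .*-u [^ ]+:'

# scrub_history FILE: rewrite FILE without secret-bearing lines and print how
# many lines were dropped.
scrub_history() {
    local file="$1" before after
    before=$(wc -l < "$file")
    # grep -v exits 1 when every line is dropped; that is not an error here.
    grep -Ev "$SECRET_PATTERNS" "$file" > "$file.tmp" || true
    mv "$file.tmp" "$file"
    after=$(wc -l < "$file")
    echo $((before - after))
}

# write_sample_history FILE: constructed history lines, not real data.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la
mysql -u root -pSup3rSecret inventory
export HISTSIZE=0
curl -u alice:hunter2 https://example.invalid/api
git status
EOF
}

# On a live shell you would run (uncomment):
# history -c; scrub_history ~/.bash_history; history -r
```

Bash's own HISTCONTROL=ignorespace keeps any command line that starts with a space out of the history in the first place, which avoids the cleanup entirely.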
Yes, indeed bash has become my favorite shell. Not only is it so versatile, but some of those advanced features make it best-suited for almost any task you’ll ever face on a console. And if it is not enough for a particular task, a simple perl -e or a few of those typical POSIX utilities such as find, awk, tr, cut, cat, grep, tar, bzip2, gzip and so on in a row piping output from one to the other will do wonders.
Besides, the subshells that you can create on demand using backticks or, for example, $(commands) are wonderful when used in conjunction with SSH to pipe input from/to a remote SSH session. Yes, scrap SCP and SFTP, SSH can do without them. In fact I built a little (bash) script at FRISK, which can be used to deploy certain files to all target systems and then even execute commands there. SSH authentication via private/public key can be so useful if you have a distributed build system.
Anyway, recently I already showed what nice things you can do with Bash, by “hooking” a script that you wouldn’t otherwise want to modify. Now it’s time to reveal how my .bashrc looks. Note that I use the same .bashrc for my own account and for the super user, so some code is simply never called when running as a normal user. I hope this will help others to create their own customized version of .bashrc …
Download my .bashrc here
// Oliver
Today, searching for references to DDKWizard, I found that several people have posted misleading information in response to others recommending DDKWizard. For the most part they are recommending to use the DDK/WDK build environment. Bravo. That’s just what DDKWizard does, except that DDKWizard makes it a breeze to create and configure such projects. The magic behind DDKWizard is not the Visual Studio compiler and linker, but one of the OSR DDKBUILD scripts. This makes projects created with DDKWizard as portable as any other DDK/WDK project but leaves the developer with the option to work on the project conveniently from within the Visual Studio IDE.
So no worries, using DDKWizard will not use the Visual Studio compiler and linker (something that Microsoft advises against, when developing drivers), but will instead use the DDK/WDK build environment.
Feedback and project template contributions are generally appreciated.
// Oliver
After purchasing a new notebook, a friend convinced me to test Ubuntu on it. Since I am a Debian fan and Ubuntu is based on Debian, he didn’t have a hard time convincing me. So after figuring out the correct boot parameters (heck, why doesn’t it do this on its own?), I was able to start and install the system.
For the most part it went smoothly, but I had to choose manual partitioning since I didn’t want the partitioner to fiddle with my setup. Apart from some minor issues at a point where I hadn’t figured out the correct boot parameters, this was easy. So I set up boot, root and swap partitions. After that the installation went through.
Continue reading ‘Ubuntu Gutsy Gibbon’
Remko, fellow developer and friend through the common ties to an OSS project, has opened his own website and blog. Take a look. I find the articles up to now most enjoyable, especially the programming-related stuff.
// Oliver
I have been a Nero Burning ROM customer since version 3, and since version 7 I have dreaded upgrading. Why on earth has the manufacturer taken this wrong turn and bundled all kinds of junk with it? Worse still, since version 6 (I haven’t even tried more recent ones since) I can’t even choose that I don’t want this or that component installed. Why offer an ever “better” edition (most recently “Ultra Edition”) instead of leaving the customer the choice and settling for the good old Nero Burning ROM at a reasonable price?
Such a shame.
// Oliver
A few weeks ago some people were trying to convince me (but they didn’t manage to) that any program that loads a library (i.e. binary) which is under GPL has to be under GPL automatically as well. Now, this viral nature of the GPL is what sucks most with the GPL and that’s the reason I try to avoid it in most cases - and in fact I am going to cancel distribution of one of my programs under GPL and will make it available under a more liberal license.
Continue reading ‘The day we put Windows under GPL’
Some of you will already know it from private conversations, the rest know it now … I am in Vienna at the Virus Bulletin Conference 2007 as one of seven representatives of FRISK Software. You meet nice people here and, at least when no manager is standing next to you, can also exchange views openly with colleagues from other companies. Example: yesterday I met a number of people, but the two most pleasant acquaintances for me were Nicolas Brulez and Boris Sharov. The former is certainly a familiar name to many reversers and has also made a name for himself as the author of Armadillo (a commercial EXE packer). The latter is the CEO (in short: the boss) of Dr.Web Antivirus, one of the two antivirus vendors from Russia. Apart from that you meet many people here who are well known “in the scene”, some who otherwise only work behind the scenes, and so on. All in all, I am positively surprised on my first visit. Besides, there are of course plenty of Austrians here with their likeable accent (and dialect).
… would you care for some more orange juice, sir?
// Oliver
PS: Last night we also had a properly “Austrian” dinner. There was döner and dürüm.
function GetSIDTBaseAddress: DWORD; assembler;
asm
  sub esp, 8                 // reserve 8 bytes on the stack for the 6-byte IDTR image
  sidt qword ptr [esp]       // store IDTR: 16-bit limit at [esp], 32-bit base at [esp+2]
  mov eax, dword ptr [esp+2] // write the base address into EAX for the return value
  add esp, 8                 // clean up the stack
end;
… or if the sidt opcode is unknown:
Continue reading ‘Getting the SIDT base address with Delphi’
Hey. For those among you, who have actually updated to RC2, here is a little fix, if you like manual patchwork. If you prefer the easy way, just download RC3 here. Apologies!
This fix addresses yet another issue that can be traced to the NT script interpreter. The problem is the wrong handling of string substitution with empty strings: in the case of an empty string, the substitution string is wrongly taken to be the actual content to set. Of course with unpleasant consequences.
Anyway, if you like the manual fix, search for:
set PATH_EXTSHORT=%PATH_EXTSHORT:~0,4%
and replace it with
if not "" == "%PATH_EXTSHORT%" set PATH_EXTSHORT=%PATH_EXTSHORT:~0,4%
// Oliver
It has been almost half a year since DDKWizard got updated last time. But now it’s time for an update. Some accumulated reports of glitches and issues - especially those that bugged me most in daily use - got me to update the wizard finally. It has been almost a year since the very first version of DDKWizard was released to the public and it seems that at least a part of the driver community actually adopts it as a convenient way to create driver (and other) projects inside Visual Studio.
Despite many small changes and fixes, this release changes one file name, the notorious CustomVars.vsprops to <ProjectName>.vsprops. Furthermore the manual has been updated and DLL and CUI projects can now also contain a message file (.mc), which was offered before, but didn’t work properly until this version.
I hope you enjoy this update. Let me know - here in the blog or via email.
- Direct download
- Project website
// Oliver
PS: Don’t forget to subscribe to the RSS feed, if you are interested in future update notifications. This feed is dedicated to DDKBUILD and DDKWizard.
This release fixes minor issues found to cause DDKBUILD.CMD to fail under certain conditions, especially when either the DDK/WDK or the project was located in a folder that contained spaces or that had long (folder/file) names without spaces.
One common example would be:
C:\Program Files\WINDDK
While most of this can be attributed to the setenv.bat script (part of the DDK/WDK), which is flawed, there should have been an easy workaround. It turned out the easiest way could be to use short (i.e. 8.3) file names. However, the NT script interpreter is flawed. Exactly the part which is supposed to convert long to short file/folder names fails with the extension. Example: when calling a sub or a script, the parameters get passed as %1 through %x (x being the number of the last parameter). If you use for /?, you can easily see that %~fs1 is supposed to remove the surrounding double quotes from the first parameter, expand it to a full path (including drive letter, folder path, file name and file extension) and return it as a short file name. However, it appears that exactly this part is flawed (looks like the return buffer is not properly zero-terminated), because the extension (if a long folder name part contained a dot) does not get cut off after four characters (including the dot). That means a long path such as 3790.1830 (well known from the Windows 2003 Server DDK) gets translated to 3790~1.1831830 instead of the expected 3790~1.183.
Continue reading ‘DDKBUILD release candidate 2 (update #1)’
I just tried out the second SpeedCommander 12 beta and have to say that usability has improved further. The so-called “breadcrumb navigation”, also introduced with Vista, is fantastic, and of course it is available to me as an XP user as well.
My further personal highlights (taken from here):
- Freely configurable status bar
- Binary prefixes are displayed according to IEC 60027-2 (KiB, MiB, GiB)
- New column for the details view: number of alternate data streams (ADS)
- Display and deletion of data streams (File - More Properties)
- Marking of junction points and symbolic links in the “File type” and “Size” columns (NC mode only)
- Special marking of FTP addresses (SFTP/FTPS) for direct invocation from the history
- FTP: support for UTF8 with FTP (optional) and with SFTP (always)
- SpeedEdit: support for UTF8
- SpeedEdit: display of line numbers
- Filter attribute for junction points
“Junction point” (Verbindungspunkt) here means a junction or reparse point.
// Oliver
… I’ve been a Debian fan for a while and after managing different machines as well as the server on which this blog runs, it’s only natural that I installed Debian on my primary machine now as secondary operating system. Why secondary? Well, it would be foolish to develop Windows software on Linux, wouldn’t it?
Anyway, the reason I write this here is another one: I want to provide the solution to the problem of using the WLAN card built into my machine. It was a problem at first, especially since the recipes vary, but now that I have the bigger picture, I wanted to share my findings.
Continue reading ‘Confession of a Windows developer’
Heise reports, under the title “GDatas Antivirenlösungen für Unternehmen ohne Kaspersky-Scanner” (G Data’s antivirus solutions for businesses without the Kaspersky scanner): “[…] Instead, the current versions of the products for businesses rely on the F-Prot engine from Frisk […]”.
I had known it for a while, but now it is official.
// Oliver
Michał ‘GiM’ Spadliński, a Polish blogger, wrote in his article “Czy Redpill Joanny Rutkowskiej jest poprawny?”:
Oliver Schneider (a reverse engineer working for F-Prot) published […] an article, dated April 1st, which does not look like an April Fool’s joke at all.
This made me really laugh. No, I have to admit my Polish is not the best (and getting worse due to lack of exercise), but I could clearly understand the quoted parts and quite some more.
Continue reading ‘No it wasn’t an April Fool’s joke’
No, this time it is not a binary file for download. It is a website. Hope you enjoy as much as I did when pointed to it by a colleague.
This website allows you to look up DLL versions and when they were bundled with which product and so on. Very nice idea.
// Oliver
… here Kaspersky claims:
An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.
I am really upset by this! I reported this vulnerability back in October 2005 in the Kaspersky subforum at malware-research.co.uk, a closed forum for security professionals, and one person from Kaspersky Labs Netherlands replied and said it would be taken care of. Back then (before the reply) I wrote that if they would not respond in due time I’d publish it (without details) through public channels, which was taken as a threat by the person who responded. Interestingly, I never checked again, and it was almost one year later (September 2006) that I joined FRISK Software International and thus the AV industry.
Also fascinating: I am not the one who published it on rootkit.com; instead I chose to contact them in a closed security-aware community, and the result was apparently the same. Kaspersky chose to ignore it in the end in both cases. I can well imagine that “the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored”.
Excuse me, but the claims in the above quote are ridiculous to say the least.
// Oliver
BTW: I met said person at the AV Workshop this year. A few weeks after the workshop a bug that I reported more than 18 months ago surfaces again (in one of their latest products!). Amazing!