Show Posts
1  General Forums / News / Re: Linux trojan discovered in the Unreal game on: 14 June 2010, 18:41 pm
It is not in the Unreal Tournament game but in the UnrealIRCd IRC server, which are different things... :rolleyes:
2  Computer Security / Abril negro / Re: [ABRIL NEGRO][MALWARE]Karcrack Ransom on: 29 April 2009, 17:30 pm
Quote
enumerates recently accessed files
What is used for that task?
The registry key... MRU?
3  Computer Security / Abril negro / Re: Proyecto Metamorph on: 29 April 2009, 17:27 pm
Looks good.

What do you mean by this?
Quote
DB Creator (Delphi) finished
4  Programming / Reverse Engineering / Re: Test 1 - Panda Challenge (Solution) on: 17 April 2009, 00:41 am
Another, more extensive solution, not better because of that:
http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda.html
http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda-ii-parte.html
http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda-iii-parte.html

Greetings, great Shaddy!
5  Programming / Reverse Engineering / Re: Panda Challenge on: 2 April 2009, 19:40 pm
You can start from the area where it may show you the valid message and work backwards, seeing which conditions must be met for that to happen.
It is tedious, but it comes out in the end ;)
6  Programming / Reverse Engineering / Re: Panda Challenge on: 2 April 2009, 11:01 am
We want T-shirts!!!
7  Computer Security / Malware Analysis and Design / Re: Introduction to driver programming on Windows on: 16 October 2008, 23:37 pm
Impressive, I hope to work up the nerve to try it some day.
8  Programming / .NET (C#, VB.NET, ASP) / Re: Spamming fotolog in C# on: 23 August 2008, 00:44 am
Thanks for the clarification, Nork.
9  Programming / .NET (C#, VB.NET, ASP) / Re: Spamming fotolog in C# on: 22 August 2008, 22:37 pm
A question about the regular expression:
Code:
http://www.fotolog.com/\s*([^/]*)\s*>
\s* ?
Can there be "blanks" between http://www.fotolog.com/ and the rest of the URL?
Likewise after finding the / of:
Code:
http://www.fotolog.com/xxxxxx/

And I also do not understand why the ">" is searched for.

I would say this is enough:
Code:
http://www.fotolog.com/[^/]*

Let's see if you can clarify it for me, since regular expressions seem very useful to me.

Regards.

10  Computer Security / Abril negro / Re: Abril Negro 2008: PE Format Workshop by Ferchu on: 17 April 2008, 17:08 pm
I think the purpose of the bound table is to avoid having to fill in the Import Address Table when the executable starts, so it runs somewhat faster.

It is explained here
Quote
Binding
When an executable is bound (via the Bind program, for instance), the IMAGE_THUNK_DATA structures in the IAT are overwritten with the actual address of the imported function. The executable file on disk has the actual in-memory addresses of APIs in other DLLs in its IAT. When loading a bound executable, the Windows loader can bypass the step of looking up each imported API and writing it to the IAT. The correct address is already there! This only happens if the stars align properly, however. My May 2000 column contains some benchmarks on just how much load-time speed increase you can get from binding executables.
You probably have a healthy skepticism about the safety of executable binding. After all, what if you bind your executable and the DLLs that it imports change? When this happens, all the addresses in the IAT are invalid. The loader checks for this situation and reacts accordingly. If the addresses in the IAT are stale, the loader still has all the necessary information from the INT to resolve the addresses of the imported APIs.
Binding your programs at installation time is the best possible scenario. The BindImage action of the Windows installer will do this for you. Alternatively, IMAGEHLP.DLL provides the BindImageEx API. Either way, binding is a good idea. If the loader determines that the binding information is current, executables load faster. If the binding information becomes stale, you're no worse off than if you hadn't bound in the first place.
One of the key steps in making binding effective is for the loader to determine if the binding information in the IAT is current. When an executable is bound, information about the referenced DLLs is placed into the executable. The loader checks this information to make a quick determination of the binding validity. This information wasn't added with the first implementation of binding. Thus, an executable can be bound in the old way or the new way. The new way is what I'll describe here.
The key data structure in determining the validity of bound imports is an IMAGE_BOUND_IMPORT_DESCRIPTOR. A bound executable contains a list of these structures. Each IMAGE_BOUND_IMPORT_DESCRIPTOR structure represents the time/date stamp of one imported DLL that has been bound against. The RVA of the list is given by the IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT element in the DataDirectory. The elements of the IMAGE_BOUND_IMPORT_DESCRIPTOR are:

* TimeDateStamp, a DWORD that contains the time/date stamp of the imported DLL.
* OffsetModuleName, a WORD that contains an offset to a string with the name of the imported DLL. This field is an offset (not an RVA) from the first IMAGE_BOUND_IMPORT_DESCRIPTOR.
* NumberOfModuleForwarderRefs, a WORD that contains the number of IMAGE_BOUND_FORWARDER_REF structures that immediately follow this structure. These structures are identical to the IMAGE_BOUND_IMPORT_DESCRIPTOR except that the last WORD (the NumberOfModuleForwarderRefs) is reserved.

In a simple world, the IMAGE_BOUND_IMPORT_DESCRIPTORs for each imported DLL would be a simple array. But, when binding against an API that's forwarded to another DLL, the validity of the forwarded DLL has to be checked too. Thus, the IMAGE_BOUND_FORWARDER_REF structures are interleaved with the IMAGE_BOUND_IMPORT_DESCRIPTORs.
Let's say you linked against HeapAlloc, which is forwarded to RtlAllocateHeap in NTDLL. Then you ran BIND on your executable. In your EXE, you'd have an IMAGE_BOUND_IMPORT_DESCRIPTOR for KERNEL32.DLL, followed by an IMAGE_BOUND_FORWARDER_REF for NTDLL.DLL. Immediately following that might be additional IMAGE_BOUND_IMPORT_DESCRIPTORs for other DLLs you imported and bound against.

Good tutorial, regards.
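As an added example (not code from the thread or from the quoted article), a small Python parser for the bound import directory described above, run on a constructed sample blob laid out exactly as the quote states: descriptors with their interleaved forwarder refs, a zero terminator, then the module names. The builder, the sample stamps and the dictionary of "actual" DLL stamps are assumptions for the demo, not Windows APIs; the validity check mirrors the loader's comparison of TimeDateStamps.

```python
import struct

# IMAGE_BOUND_IMPORT_DESCRIPTOR and IMAGE_BOUND_FORWARDER_REF share one 8-byte layout:
# DWORD TimeDateStamp, WORD OffsetModuleName (offset from the first descriptor, not an
# RVA), WORD NumberOfModuleForwarderRefs (Reserved in a forwarder ref). Zero record ends it.
DESC_FMT, DESC_SIZE = "<IHH", 8

def build_bound_import_dir(entries):
    """Constructed sample builder (hypothetical helper, not a Windows API).
    entries = [(dll, stamp, [(forwarder_dll, forwarder_stamp), ...]), ...]"""
    n_records = sum(1 + len(fwds) for _, _, fwds in entries) + 1  # + terminator
    table, names = bytearray(), bytearray()
    def add_name(name):          # names live after the table; return their offset
        off = n_records * DESC_SIZE + len(names)
        names.extend(name.encode("ascii") + b"\0")
        return off
    for dll, stamp, fwds in entries:
        table += struct.pack(DESC_FMT, stamp, add_name(dll), len(fwds))
        for fdll, fstamp in fwds:   # forwarder refs interleaved right after
            table += struct.pack(DESC_FMT, fstamp, add_name(fdll), 0)
    table += struct.pack(DESC_FMT, 0, 0, 0)
    return bytes(table + names)

def parse_bound_imports(blob):
    """Walk the list; returns [(dll, stamp, [(forwarder_dll, forwarder_stamp)])]."""
    name_at = lambda off: blob[off:blob.index(b"\0", off)].decode("ascii")
    result, pos = [], 0
    while True:
        stamp, name_off, n_fwd = struct.unpack_from(DESC_FMT, blob, pos)
        pos += DESC_SIZE
        if stamp == 0 and name_off == 0:          # terminator reached
            return result
        fwds = []
        for _ in range(n_fwd):                    # forwarder refs follow immediately
            fstamp, fname_off, _reserved = struct.unpack_from(DESC_FMT, blob, pos)
            pos += DESC_SIZE
            fwds.append((name_at(fname_off), fstamp))
        result.append((name_at(name_off), stamp, fwds))

def bindings_current(bound, actual_stamps):
    """Loader-style check: every bound DLL, forwarders included, must still carry the
    TimeDateStamp recorded at bind time; otherwise the IAT is stale and the INT is used."""
    return all(actual_stamps.get(dll) == stamp
               and all(actual_stamps.get(f) == fs for f, fs in fwds)
               for dll, stamp, fwds in bound)

# Constructed sample: the HeapAlloc case from the quote (KERNEL32 -> NTDLL forwarder).
SAMPLE = build_bound_import_dir([("KERNEL32.DLL", 0x4A5BC123, [("NTDLL.DLL", 0x4A5BC456)]),
                                 ("USER32.DLL", 0x4A5BC789, [])])
```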