Donkey On A Waffle
Phrack Issue #66 Released
Thu, 11 Jun 2009 09:11

Phrack issue #66 has been released today. Available at http://www.phrack.org


Muppet Dogs - Which One's Pink!
Thu, 04 Jun 2009 13:57


Visual Studio - Stop Being So Nice!
Fri, 15 May 2009 13:59

I was messing around with optimizations and IDA Pro today in an attempt to get some dead code compiled into a program intentionally. I thought this would be a 10-second task, and in some ways it was. However, it took a while because I ended up finding out something odd about Visual Studio 2008 (untested on older versions).

Let's take the following code:

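    #include "stdafx.h"
    #include "windows.h"
    #include "stdio.h"

    /* Dead code: nothing in this file ever calls foo(). */
    static void foo()
    {
        printf("Inside function foo. This should never be called\n");
        return;
    }

    /* Entry point generated by the Visual Studio console project template. */
    int _tmain(int argc, _TCHAR* argv[])
    {
        printf("This is main. It doesn't do squadoosh!\n");
        return 0;
    }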

In the Unix world with gcc, I can simply compile this program using the -O0 flag to disable optimizations. I can then run objdump -d to confirm that my code is indeed present in the binary.

*SNIP*

    08048374 <foo>:
     8048374:   55                      push   %ebp
     8048375:   89 e5                   mov    %esp,%ebp
     8048377:   83 ec 08                sub    $0x8,%esp
     804837a:   c7 04 24 98 84 04 08    movl   $0x8048498,(%esp)
     8048381:   e8 2a ff ff ff          call   80482b0 <printf@plt>
     8048386:   c9                      leave
     8048387:   c3                      ret

    08048388 <main>:
     8048388:   55                      push   %ebp
     8048389:   89 e5                   mov    %esp,%ebp
     804838b:   83 ec 08                sub    $0x8,%esp
     804838e:   83 e4 f0                and    $0xfffffff0,%esp
     8048391:   b8 00 00 00 00          mov    $0x0,%eax
     8048396:   83 c0 0f                add    $0xf,%eax
     8048399:   83 c0 0f                add    $0xf,%eax
     804839c:   c1 e8 04                shr    $0x4,%eax
     804839f:   c1 e0 04                shl    $0x4,%eax
     80483a2:   29 c4                   sub    %eax,%esp
     80483a4:   c7 04 24 cc 84 04 08    movl   $0x80484cc,(%esp)
     80483ab:   e8 00 ff ff ff          call   80482b0 <printf@plt>
     80483b0:   b8 00 00 00 00          mov    $0x0,%eax
     80483b5:   c9                      leave
     80483b6:   c3                      ret
     80483b7:   90                      nop

However, in Visual Studio it's not quite as cut and dried. I disabled all optimizations and spent what amounted to nearly two hours trying to disable whatever it was that was keeping the compiler from adding my dead code to the binary. I ended up chatting with a coworker of mine, and he suggested I remove the "static" modifier from the foo function. Sure enough, as soon as I did this I was able to compile the dead code into the function. So, after much face banging into desk, I figured out that Visual Studio will always optimize out static functions regardless of the optimization settings configured in the project properties.

This makes no sense: the word static is intended only to limit access to the function to the local file, so it should have no impact on the optimizations of the binary as a whole. If anyone with more programming expertise than I can explain a valid reason for this optimization, please help me out.


DAMN YOU SCUBA STEVE!



Implied Security Research Ethical Rules
Thu, 07 May 2009 10:38

I absolutely loved this post by a colleague at "the anti-shazzzam" blog. She has some excellent insights and wrote a fantastic piece on the unwritten laws of the security researcher. These laws can be expanded to encompass just about any research-related field, but have specific twists and caveats for the nerd side of security research. I highly recommend that anyone doing security research read and digest these unwritten rules on how to make your (and everyone's) life quite a bit easier.

The entire article is HERE. The rules in their entirety are pasted below for posterity. Please go to her blog for comments and additional interesting reading!

1. Do not release 0day that was accidentally pasted into a SILC/IRC channel. Quick edit is evil, and a few of us (*cough*) have had the right mouse button get away from us and accidentally paste a day's work into a channel. We squeak and hope that people in that channel decide to keep it to themselves. We signed that NDA, we do not want a lawsuit.

2. Do not steal research. If someone said something that sparks your own research tangent, indulge like a horse at a salt lick. But if someone casually drops a reference to their current research idea or project, do not feverishly research and release it before they do.

3. The page-up button is our friend. Scroll-back exists. Chat is logged. Do not expect people to welcome you back with open arms if you exhibit poor behavior. Don't be a dick.

4. Research ideas are the bread and butter of potential future revenue and recognition. Keep research to yourself until it is mostly infallible and is developed enough to be digested by the public. If the research is not tangible enough, expect that it will be further developed by someone else, or ripped apart by opposing research. Joanna Rutkowska is a prime example of how not to promote your research. People probably would not have wanted to shred her so badly if she had presented herself a little bit differently.

5. Do not talk about other's research before they do. Chances are that a friend of yours has told you what they are working on. Let them decide when they want to start the buzz.

6. Give credit. It is probably not a good idea to post to your work distribution list, word-for-word, the answer to a question that was asked in a channel. Some of the people who provided you with the answer probably work with you. If the product of your labor depends on another's help, give them credit.

7. Thank the people who help you. They probably took time out of their very busy day with no personal benefit, just to help you succeed. Make their day by letting them know how positively beneficial they are.

8. Cite your sources! If you are expanding on someone else's research, state it in your paper, blog, or slide deck. If your idea came from somewhere else, state it.

9. Review other's research. All researchers need a sanity check and an extra pair of eyes to go over their work before it is released.

10. Make yourself available. The entire community (not to mention the entire security sphere) benefits by people acting as resources for other's improvement.

11. Choose your conduct wisely. People remember. Shady behavior is noted quickly. A lot of security researchers rely on each other as trusted sources. If you behave badly, your story will live forever.

12. Preserve anonymity. Unless explicitly stated, do not expose another's identity, associations, or opinions without their permission.


De-anonymizing Social Networks
Mon, 06 Apr 2009 11:19

I have been doing a bit of reading on social network graphing and general social network theories and concepts. Visualization techniques can be very effective when attempting to analyze social networks and the resulting gathered data. This is evidenced by the paper entitled "De-anonymizing Social Networks" by Arvind Narayanan and Vitaly Shmatikov. If you are interested in social network graphing and/or general visualization give this paper a go.

De-anonymizing Social Networks

EDIT: Zack Lanier from n0where.org passed along this other interesting piece of research. Eight Friends Are Enough: Social Graph Approximation via Public Listings

Continuing Economic Crunch
Wed, 01 Apr 2009 10:56

We all know the economy is continuing to take the proverbial plan b all over the tech job industry. The question really isn't "will it affect me?" (my guess is yes); the question really is "how is this going to affect me?" It may not directly cost you your job, but it will affect you in other ways: stifling innovation, limiting the new technologies that hit the market, and generally causing a downturn in "cool stuff" going on.

According to the Techcrunch Layoff Tracker there were 317,000+ laid off tech employees through today. Will the gloom and doom ever end? Layoffs tend to be a trailing indicator of economic downturn, so don't use this as a prediction of future trends, but I doubt we've seen the bottom as of yet. For those of you still with a job, congratulations, and for those of you currently on the employment sidelines, good luck.

My question to my loyal reader is: How will this affect the information security landscape? Will budgets be cut in this area, thus highly affecting the service and product providers in the space, or is security such a necessity that we will be immune to the economic slump? Please leave thoughts and ideas in the comments; this is an open forum post today. There is no right answer.


See, Nigerian Scammers CAN Be Friendly!
Mon, 23 Mar 2009 13:12

Thanks Warlord for the link! Funny stuff!

Thanks Warlord For Link!


AD, Source Conference, and the Muppets!
Tue, 17 Mar 2009 12:18

Time for a mishmosh post. I presented at Source Boston and CarolinaCon conferences this past week. Both were absolutely awesome. Both the people and talks were fantastic. I promised everyone that the paper and source code would be available this week, so here are links to both.

Anti-Debugging - A Developers View (PDF Format)

Paper associated Visual Studio solutions and source code

If the above isn't enough of a post for you interested readers, I submit for your viewing pleasure... the three best Muppet singing voices in history! Have a great St. Patrick's Day!


Source Boston
Tue, 10 Mar 2009 09:13

Source Boston conference starts tomorrow. I will be speaking Friday morning. Anyone who will be in Bean town this week please drop me an email (txs@donkeyonawaffle.org). I'll be available for drinks/food/general mayhem.


Mike Rowe - Testicles on my Chin
Fri, 06 Mar 2009 10:05

My brother pointed me to this link today. It's not the most high tech talk you'll ever see, but it is very funny and very inspirational. Mike Rowe is the host of the show Dirty Jobs on the Discovery Channel. He has a very interesting past, including being a late night pitchman for the QVC channel as well as being a professional opera singer with the Baltimore Opera. On the show Dirty Jobs he has done some of the most menial and dirty jobs in history and, with few exceptions, did the job with a smile on his face. He has some very interesting and valuable insights into what "work" really is and how it has degraded within today's high tech society. Take 20 minutes and watch this video.



