System Programming
This blog is dedicated to low level programming in Assembler and C/C++ (although, C++ is unwelcome) in either *Nix or Windows based operating systems.
Author: Alexey Lyashko (http://www.blogger.com/profile/13663908781307440762)
Feed last updated: 2024-03-13T21:08:05.838+02:00

Idea for a New Book on x86 Assembly
Published: 2018-08-17T20:55:00.002+02:00; updated: 2018-08-18T11:09:50.480+02:00
Good time of the day, my dear readers!
It has [again] been too long since my last post - I admit the guilt. This time of silence, however, was not spent in vain. I have collected much more knowledge, gained much more experience and, as a result, have much more to share with you in the hope that it will be useful.
I always wanted to write a book on Intel Assembly language ("Mastering

Pointers in C (demystified)
Published: 2018-03-17T18:48:00.001+02:00; updated: 2018-03-17T18:48:48.361+02:00
I have recently realized that I have not been posting here for almost precisely two years, which is an unforgivable pause for a blogger. I hope my readers will forgive me for this. Thinking of what I should write about next, I realized that I had entirely forgotten about an essential thing. The thing, I would probably say. Which is, it is not only what I want to write about, but also what my

"Mastering Assembly Programming" - the review
Published: 2018-03-12T22:49:00.000+02:00; updated: 2018-03-12T22:49:40.437+02:00
I have recently been contacted by one of my respected readers, who has not only purchased the book but also offered to write a review once he is done reading it. Given the fact that, by now, I have not received much feedback on the book at all, I agreed, although I felt a bit uncomfortable. After all, this is my first book and the only reviews I have seen so far were those written by the editorial

My First Book is Out
Published: 2017-09-27T23:43:00.003+02:00; updated: 2017-09-27T23:43:40.007+02:00
Dear readers,
this post is going to be just a few lines long. After a long period of silence, the first thing I am going to do is announce the publication of my first book, "Mastering Assembly Programming", which you may find here.
Please do not judge too hard. It is, after all, my first one :)
P.S. I have been too quiet for too long. Will post another article in a day or two.

Linux Loadable Kernel Module in Assembly
Published: 2015-04-03T00:08:00.000+02:00; updated: 2017-09-18T00:26:09.150+02:00
Hello everyone! First of all, sorry for being silent for the last two years. There have been certain reasons for this. Anyway, I am back and I am going to share a portion of what I've learnt over this period.
Before I begin, as usual, a note for nerds: the code in this article is for demonstration purposes only and does not contain certain things, like error checking, that would otherwise be

Genetic Algorithms. Lame Example - Solving Quadratic Equation
Published: 2013-01-10T15:37:00.000+03:00; updated: 2013-01-10T15:48:03.622+03:00
Source code for this article may be found here.
There are numerous resources on the Internet that describe the theory of Genetic Algorithms and give theoretical explanations thereof. I, however, have found little more than none giving a real example (I may not have searched that well, though). Therefore, I decided to try and turn the theory into a live example. While there are

Anti Piracy? The insider's view
Published: 2013-01-07T12:58:00.000+03:00; updated: 2013-01-09T15:40:15.788+03:00

Exception Driven "Debugging": Getting behind anti debugging tricks.
Published: 2012-10-22T17:20:00.001+03:00; updated: 2012-10-26T13:21:15.503+03:00
Of course, all debugging is exception driven, at least because a breakpoint generates a debug exception which is passed to the debugger. In this article, however, I will refer to regular exceptions.
There are tens if not hundreds of software protectors used by software vendors around the globe. Some are good, some are less good; in either case, vendors rarely use them properly, thinking

Method of Computer Virus Detection. Sad story of a patent application
Published: 2012-10-18T19:52:00.000+03:00; updated: 2012-10-18T19:52:01.510+03:00
It was quite a long time ago (an epoch ago in terms of software development), around the end of 2005 and the beginning of 2006. I was then working for Aladdin Knowledge Systems' eSafe unit as a computer virus researcher (my first formal RE job). Detection methods were quite poor at that time, even heuristic ones (not that they are THAT good these days). There was quite a lot of noise about the

Time Series Analysis and Forecasting. Programming Approach - thoughts
Published: 2012-09-04T19:49:00.000+03:00; updated: 2012-09-04T19:50:37.959+03:00
"Certain things are impossible...
Until an ignoramus appears, who is not aware of that".
Time Series - a sequence of data points, typically measured at successive time instants spaced at uniform time intervals.
There are quite a lot of things that may fit this definition. For example, air temperature changes throughout the day (let's say, measured hourly), the distance from the

Emulation of Hardware. CPU & Memory
Published: 2012-08-31T20:35:00.000+03:00; updated: 2012-08-31T20:35:37.230+03:00
There are tens of hardware platforms (although some people would say that there is only one - the computer ;-) ). Each one has its own advantages and disadvantages compared to the others. For example, Intel is the most used platform for desktops, ARM and MIPS are widely used in embedded systems, and so on. Sometimes a need may arise to test/debug executable code written for a platform other than the one

CreateRemoteThread. Bypass Windows 7 Session Separation
Published: 2012-05-30T04:36:00.000+03:00; updated: 2012-05-30T15:32:33.361+03:00
The Internet is full of programmers' forums, and those forums are full of questions about the CreateRemoteThread Windows API function not working on Windows 7 (when trying to inject a DLL). The posts made by the lucky ones somehow redirect you to the MSDN page dedicated to this API, which says: "Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails

Passing Events to a Virtual Machine
Published: 2012-05-23T18:57:00.000+03:00; updated: 2012-05-23T22:47:52.785+03:00
The source code for this article may be found here.
Virtual machines and software frameworks are an integral part of our digital life. There are complex VMs and simple software frameworks. These two articles (Simple Virtual Machine and Simple Runtime Framework by Example) show how easy it may be to implement one yourself. I did my best to describe the way VM code may interact with native code

Simple Runtime Framework by Example
Published: 2012-05-19T17:53:00.001+03:00; updated: 2012-05-20T22:55:54.398+03:00
Source code for this article may be found here.
These days we are simply surrounded by different software frameworks. Just to name a few: Java, .Net and, actually, many more. Have you ever wondered how those work, or have you ever wanted or needed to implement one? In this article, I will cover a simple, or even trivial, runtime framework.
As usual - a note for nerds:
The source code given in

Basics of Data Obfuscation
Published: 2012-05-17T22:30:00.000+03:00; updated: 2012-05-17T22:30:56.281+03:00
Source code for this article may be found here.
One of the aspects of software anti-RE (reverse engineering) protection is the need to protect sensitive data (for example decryption or license keys, etc.). There is quite a common practice of storing such data in encrypted form and using it by passing it to a certain routine for decryption. I am not going to say that this is not a good idea, but

Linux Threads Through a Magnifier: Remote Threads
Published: 2012-03-21T23:40:00.001+03:00; updated: 2012-03-22T03:20:20.661+03:00
Source code for this article may be found here.
Sometimes a need may arise to start a thread in a separate process, and the need is not necessarily malicious. For example, one may want to replace library functions or to place some code between the executable and a library function. However, Linux does not provide a system call that would do anything similar to the CreateRemoteThread Windows API

Linux Threads Through a Magnifier: Local Threads
Published: 2012-03-17T20:10:00.000+03:00; updated: 2012-03-17T20:10:22.063+03:00
Source code for this article is here.
Threads are everywhere. Even now, as you browse this page, threads are involved in the process. Most likely, you have more than one tab open in the browser and each one has at least one thread associated with it. The server supplying this page runs several threads in order to serve multiple connections simultaneously. There may be innumerable examples

Faking KERNEL32.DLL - an Amateur Sandbox
Published: 2012-03-06T21:31:00.000+03:00; updated: 2012-03-06T21:31:56.381+03:00
As a part of my work (read "fun") of maintaining this blog, I am constantly checking the statistics on traffic sources and keywords (it's nice to know that people are getting here via Google) in order to see whether my readers are getting what they are looking for (personally, I see no reason in simply "streaming my consciousness to the masses", as this is not the point of this blog).

Trivial Artificial Neural Network in Assembly Language
Published: 2012-03-04T19:41:00.000+03:00; updated: 2012-03-04T19:41:14.828+03:00
Source code for this article may be found here.
Note for nerds: The code shown in this article may be incomplete and may not contain all the security checks you would usually perform in your code, as it is given here for demonstration purposes only. Downloadable source code may contain bugs (there is no software without bugs at all). It is provided as is without any warranty. You may use and

Defeating Packers for Static Analysis of Malicious Code
Published: 2012-03-02T17:35:00.000+03:00; updated: 2012-03-02T17:35:02.736+03:00
I doubt whether there is anybody in either the AV industry or among reverse engineers who does not know what a software packer is (for those who don't - this article may help). Malware research and reverse engineering forums are full of packer-related questions, descriptions thereof, unpacking suggestions and links to both packers and unpackers. In short - people have been doing a lot of precious

Dynamic Code Encryption as an Anti Dump and Anti Reverse Engineering measure
Published: 2012-03-02T00:01:00.000+03:00; updated: 2012-03-05T17:17:37.618+03:00
Source code for this article may be found here.
Too much has already been said and written on how software vendors do not protect their products, so let me skip this. Instead, in this article, I would like to concentrate on those relatively easy steps which software vendors have to take in order to enhance their protection (using packers and protectors is good, but certainly not enough) by not

Vectored Exception Handling for Linux
Published: 2012-02-29T22:05:00.000+03:00; updated: 2012-02-29T22:05:01.176+03:00
Source code for this article may be found here.
The title of this article may look weird. Indeed, why would someone want to use Vectored Exception Handling in Linux, while this OS provides a perfectly working mechanism - signals? Well, there are several possible answers:
Many programmers who started their career with Windows programming get a bit frustrated when it comes to

Basics of Executable Code Obfuscation
Published: 2012-02-27T18:42:00.000+03:00; updated: 2012-02-29T16:37:07.175+03:00
Source code for this article may be found here.
The problem of software security has already been raised in my previous articles more than once. This article is not an exception.
The majority of software vendors position themselves as number one in the industry, even though there is always more than one number one. But what unites them all (well, almost all) in reality is the fact that

Merry Christmas!
Published: 2011-12-25T01:50:00.000+03:00; updated: 2011-12-25T01:50:29.107+03:00

Simple Virtual Machine
Published: 2011-12-22T01:16:00.000+03:00; updated: 2011-12-25T16:18:43.991+03:00
Sample code for this article may be found here.
In computing, a Virtual Machine (VM) is a software implementation of either an existing or a fictional hardware platform. VMs are generally divided into two classes - system VMs (a VM which is capable of running an operating system) and process VMs (one that can only run a single executable, roughly speaking). Anyway, if you are just interested in the