Search Results

Search found 9387 results on 376 pages for 'double byte'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 201/376 | < Previous Page | 197 198 199 200 201 202 203 204 205 206 207 208  | Next Page >

  • Jumping into argv?

    - by jth
    Hi, I`am experimenting with shellcode and stumbled upon the nop-slide technique. I wrote a little tool that takes buffer-size as a parameter and constructs a buffer like this: [ NOP | SC | RET ], with NOP taking half of the buffer, followed by the shellcode and the rest filled with the (guessed) return address. Its very similar to the tool aleph1 described in his famous paper. My vulnerable test-app is the same as in his paper: int main(int argc, char **argv) { char little_array[512]; if(argc>1) strcpy(little_array,argv[1]); return 0; } I tested it and well, it works: jth@insecure:~/no_nx_no_aslr$ ./victim $(./exploit 604 0) $ exit But honestly, I have no idea why. Okay, the saved eip was overwritten as intended, but instead of jumping somewhere into the buffer, it jumped into argv, I think. gdb showed up the following addresses before strcpy() was called: (gdb) i f Stack level 0, frame at 0xbffff1f0: eip = 0x80483ed in main (victim.c:7); saved eip 0x154b56 source language c. Arglist at 0xbffff1e8, args: argc=2, argv=0xbffff294 Locals at 0xbffff1e8, Previous frame's sp is 0xbffff1f0 Saved registers: ebp at 0xbffff1e8, eip at 0xbffff1ec Address of little_array: (gdb) print &little_array[0] $1 = 0xbfffefe8 "\020" After strcpy(): (gdb) i f Stack level 0, frame at 0xbffff1f0: eip = 0x804840d in main (victim.c:10); saved eip 0xbffff458 source language c. Arglist at 0xbffff1e8, args: argc=-1073744808, argv=0xbffff458 Locals at 0xbffff1e8, Previous frame's sp is 0xbffff1f0 Saved registers: ebp at 0xbffff1e8, eip at 0xbffff1ec So, what happened here? I used a 604 byte buffer to overflow little_array, so he certainly overwrote saved ebp, saved eip and argc and also argv with the guessed address 0xbffff458. Then, after returning, EIP pointed at 0xbffff458. But little_buffer resides at 0xbfffefe8, that`s a difference of 1136 byte, so he certainly isn't executing little_array. I followed execution with the stepi command and well, at 0xbffff458 and onwards, he executes NOPs and reaches the shellcode. I'am not quite sure why this is happening. First of all, am I correct that he executes my shellcode in argv, not little_array? And where does the loader(?) place argv onto the stack? I thought it follows immediately after argc, but between argc and 0xbffff458, there is a gap of 620 bytes. How is it possible that he successfully "lands" in the NOP-Pad at Address 0xbffff458, which is way above the saved eip at 0xbffff1ec? Can someone clarify this? I have actually no idea why this is working. My test-machine is an Ubuntu 9.10 32-Bit Machine without ASLR. victim has an executable stack, set with execstack -s. Thanks in advance.

    Read the article

  • Why are so many new languages written for the Java VM?

    - by sdudo
    There are more and more programming languages (Scala, Clojure,...) coming out that are made for the Java VM and are therefore compatible with the Java Byte-Code. I'm beginning to ask myself: Why the Java VM? What makes it so powerful or popular that there are new programming languages, which seem gaining popularity too, created for it? Why don't they write a new VM for a new language?

    Read the article

  • Communicate between separate MPI-Programs

    - by Fyg
    I have the following problem: Program 1 has a huge amount of data, say 10GB. The data in question consists of large integer- and double-arrays. Program 2 has 1..n MPI processes that use tiles of this data to compute results. How can I send the data from program 1 to the MPI Processes? Using File I/O is out of question. The compute node has sufficient RAM.

    Read the article

  • Writing " to a file in bash.

    - by S1syphus
    Simply I need to write "echo" t${count} = "$"t${count}" To a text file, including all the So the output would be something like: echo " t1 = $t1" With " as they are. So I have tried: count=1 saveIFS="$IFS" IFS=$'\n' array=($(<TEST.txt)) IFS="$saveIFS" for i in "${array[@]}" do echo "echo" t${count} = "$"t${count}"" (( count++ )) done >> long1.txt And variations on this such as: echo "echo" """"" t${count} = "$"t${count}"" But I guess the wrapping in double " is only for variables. Ideas?

    Read the article

  • warcraft3 packet infromation [closed]

    - by ajay009ajay
    Hello All, I have made a program which is fetching data from server to and game to server. I want to keep these record in my file. But my problem is this is not in good format that i can read easily. I am reading all data as "Byte" (from java). Can anybody explain header or data info of packet. so I can read it in human manner Huh thanks.

    Read the article

  • How Do I grep For non-ASCII Characters in UNIX

    - by Peter Conrey
    I have several very large XML files and I'm trying to find the lines that contain non-ASCII characters. I've tried the following: grep -e "[\x{00FF}-\x{FFFF}]" file.xml But this returns every line in the file, regardless of whether the line contains a character in the range specified. Do I have the syntax wrong or am I doing something else wrong? I've also tried: egrep "[\x{00FF}-\x{FFFF}]" file.xml (with both single and double quotes surrounding the pattern).

    Read the article

  • arbitrary input from stdin to shell

    - by python_noob
    So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead. A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I'm wondering if there's potential for someone to execute arbitary commands on the shell. #!/bin/sh $CMD "`cat`" Obviously if $CMD has a vulnerability in the way it processes the argument there's nothing I can do, so I'm concerned stuff like this: Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD Somehow cause another arbitary command to run

    Read the article

  • Best online resource to learn Python?

    - by Sreenath
    I am new to any scripting language. But, Still I worked on scripting a bit like tailoring other scripts to work for my purpose. For me, What is the best online resource to learn Python? Some Online Resources: http://docs.python.org/tut/tut.html - Beginners http://diveintopython.org/ - Intermediate http://www.pythonchallenge.com/ - Expert Skills http://docs.python.org/ - collection of all knowledge Some more: A Byte of Python. Python 2.5 Quick Reference Python Side bar A Nice blog for beginners Think Python: An Introduction to Software Design

    Read the article

  • How to handle when SSRS does not automatically update fields based on database query?

    - by badpanda
    So I am trying to change the number of fields in my dataset in SSRS and the refresh button is not picking up the added field from the SQL server. The query is definitely returning the correct data, as I have double checked in the server engine itself. Also, I have tried manually adding the field using the SSRS menu, but as soon as I execute it disappears. Any suggestions or similar experiences?

    Read the article

  • What am I doing wrong? (Simple Assembly Loop)

    - by sunnyohno
    It won't let me post the picture. Btw, Someone from Reddit.programming sent me over here. So thanks! TITLE MASM Template ; Description ; ; Revision date: INCLUDE Irvine32.inc .data myArray BYTE 10, 20, 30, 40, 50, 60, 70, 80, 90, 100 .code main PROC call Clrscr mov esi, OFFSET myArray mov ecx, LENGTHOF myArray mov eax, 0 L1: add eax, [esi] inc esi loop L1 call WriteInt exit main ENDP END main Results in: -334881242

    Read the article

  • How to Transfer Large File from MS Word Add-In (VBA) to Web Server?

    - by Ian Robinson
    Overview I have a Microsoft Word Add-In, written in VBA (Visual Basic for Applications), that compresses a document and all of it's related contents (embedded media) into a zip archive. After creating the zip archive it then turns the file into a byte array and posts it to an ASMX web service. This mostly works. Issues The main issue I have is transferring large files to the web site. I can successfully upload a file that is around 40MB, but not one that is 140MB (timeout/general failure). A secondary issue is that building the byte array in the VBScript Word Add-In can fail by running out of memory on the client machine if the zip archive is too large. Potential Solutions I am considering the following options and am looking for feedback on either option or any other suggestions. Option One Opening a file stream on the client (MS Word VBA) and reading one "chunk" at a time and transmitting to ASMX web service which assembles the "chunks" into a file on the server. This has the benefit of not adding any additional dependencies or components to the application, I would only be modifying existing functionality. (Fewer dependencies is better as this solution should work in a variety of server environments and be relatively easy to set up.) Question: Are there examples of doing this or any recommended techniques (either on the client in VBA or in the web service in C#/VB.NET)? Option Two I understand WCF may provide a solution to the issue of transferring large files by "chunking" or streaming data. However, I am not very familiar with WCF, and am not sure what exactly it is capable of or if I can communicate with a WCF service from VBA. This has the downside of adding another dependency (.NET 3.0). But if using WCF is definitely a better solution I may not mind taking that dependency. Questions: Does WCF reliably support large file transfers of this nature? If so, what does this involve? Any resources or examples? Are you able to call a WCF service from VBA? Any examples?

    Read the article

  • Scala println in a for loop

    - by random459
    The following Scala code does just what I expect it to - it prints each line of some_file.txt. import scala.io.Source val lines = Source.fromPath("some_file.txt").mkString for (line <- lines) print(line) If I use println instead of print, I expect to see some_file.txt printed out with double-spacing. Instead, the program prints a newline after every character of some_file.txt. Could someone explain this to me? I'm using Scala 2.8.0 Beta 1.

    Read the article

  • google maps in android

    - by user367121
    Hello friends, I am a new user of google maps API in android OS. I have made a small application in which i am using google maps. I want to add a functionality that when i double click (multi touch) on a map the map should zoom in. IS there anybody who has an idea how to do this or if it is possible please provid a code example. Thanks in advance. BR, SilentCoders

    Read the article

  • Calling managed code from unmanaged win32 assembly dll - crash

    - by JustGreg
    I'm developing a serial port dll in win32 assembly (MASM32). It has its own thread checking multiple events and at a specified buffer treshold it'd notify the managed main application by calling a callback function. It just a call with no arguments/return value. At startup the main application stores the callback function's address by calling a function in the dll: pCallBackFunction dd 0 SetCallBackPointer proc pcb:DWORD mov eax, pcb mov pCallBackFunction, eax call DWORD ptr pCallBackFunction ; verify it immediately ret SetCallBackPointer endp The upper function immediately calls back the managed application callback routine for verification purposes. It is working fine. However, when I place the call instruction to other functions in the dll it crashes the application. It doesn't matter if the call is in a simple function or in the threadproc of the dll. For example: OpenPort proc pn:byte,br:dword, inputbuffersize: dword, outputbuffersize:dword, tresholdsize: dword LOCAL dcb: DCB LOCAL SerialTimeOuts: COMMTIMEOUTS call DWORD ptr pCallBackFunction xor eax, eax mov al, pn mov [com_port+3],al etc. etc. will crash at call DWORD ptr pCallBackFunction always. Since I call SetCallBackPointer first to store a valid address in pCallBackFunction, it should have a valid address. My managed app is written in C# and the relevant part is: public partial class Form1 : Form { public delegate void CallBackDelegate(); public static CallBackDelegate mydelegate; [DllImport("serialport.dll")] private static extern void SetCallBackPointer(CallBackDelegate Delegate); [DllImport("serialport.dll")] public static extern int OpenPort(byte com, uint br, uint inbufsize, uint outbufsize, uint treshsize); public Form1() { InitializeComponent(); mydelegate =new CallBackDelegate(CallbackFunction); SetCallBackPointer(mydelegate); unsafe { int sysstat; int hResult; hResult = OpenPort(Convert.ToByte('5'), 9600, 306, 4, 4); } } public static void CallbackFunction() { MessageBox.Show( "CallBack Function Called by Windows DLL"); } The VS debugger reported that the dll had tried to read/write from/to a protected memory address. But when calling SetCallBackPointer there is no such problem. What am I doing wrong here? Any tips would be great!

    Read the article

  • JarOutputStream put parent folder before my-wanted folder

    - by adhitya kristanto
    I tried to make jar with code from How to use JarOutputStream to create a JAR file? but that code always makes new parent folder of my input file/folder before it's inserted into .jar Folder's Path that I want to be added into jar: C:/Trial/MyFolder Folder that I want in MyJar.jar: MyFolder But Folder that was inserted in MyJar.jar: Trial Has it to be done that way? Thanks. here is the code: import EditorXML.GlobalStatus.GlobalStatus; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.util.jar.JarEntry; import java.util.jar.JarOutputStream; /** * * @author Photosphere */ public class JarCreatingProgram { public JarCreatingProgram() { } public void proceedNow() throws IOException{ File ed = new File("C:/Trial/EditingDini"); File meta = new File("C:/Trial/META-INF"); File net = new File("C:/Trial/net"); File org = new File("C:/Trial/org"); JarOutputStream target = new JarOutputStream(new FileOutputStream("D:/EditingDiniApp.jar")); add(ed, target); add(meta, target); add(net, target); add(org, target); target.close(); } private static void add(File source, JarOutputStream target) throws IOException { BufferedInputStream in = null; try{ if (source.isDirectory()) { String name = source.getPath().replace("\\", "/"); if (!name.isEmpty()) { if (!name.endsWith("/")) name += "/"; JarEntry entry = new JarEntry(name); entry.setTime(source.lastModified()); target.putNextEntry(entry); System.out.println("ENTRY DALAM IF: "+entry.toString()); target.closeEntry(); } for (File nestedFile: source.listFiles()) add(nestedFile, target); return; } JarEntry entry = new JarEntry(source.getPath().replace("\\", "/")); entry.setTime(source.lastModified()); target.putNextEntry(entry); in = new BufferedInputStream(new FileInputStream(source)); System.out.println("ENTRY: "+entry.toString()); byte[] buffer = new byte[1024]; while (true) { int count = in.read(buffer); if (count == -1) break; target.write(buffer, 0, count); } target.closeEntry(); } finally{ if (in != null) in.close(); } } }

    Read the article

  • jQuery action being called when selector isn't met?

    - by dougoftheabaci
    I've been working on a prototype for a client's web site and I've run into a rather significant snag. You can view the prototype here. As you can see, the way it works is you can scroll a set of slides horizontally and, by clicking one, open a stack containing yet more slides. If you then click again on an image in that stack it opens up a lightbox. Clicking on another stack or the close button will close that stack (and open another, as case may be). That all works great. However you get some weird behavior if you do the following: Click to open any stack. Click to open an image's light box (this works best if you click on the image that's level with the main list). Close the light box and the stack either by clicking the close button or clicking on another stack. Click back to the first stack. Instead of reopening the stack, you get the lightbox. This confuses me as the light box should only ever be called if there is a class on the containing UL and that class is removed when the lightbox is closed. I've checked and double-checked this, it's definitely missing. Here are the respective functions: $("ul.hide a.lightbox").live("click",function(){ $("ul.show").removeClass("show").addClass("hide"); $(this).parent().parent().removeClass("hide").addClass("show"); $("ul.hide").animate({opacity: 0.2}); $("ul.show").animate({opacity: 1}); $("#next").animate({opacity: 0.2}); $("#prev").animate({opacity: 0.2}); return false; }); $("ul.show a.lightbox").live("click",function(){ $(this).fancybox().trigger("click"); return false; }); As you can see, in order for the lightbox to be called the containing UL has to have the class of show. However, if you check it with Firebug it won't. For those who are curious, the added .trigger("click"); is because the lightbox will require a double-click to launch otherwise. Any idea how I can fix this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 197 198 199 200 201 202 203 204 205 206 207 208  | Next Page >