No Signal
Posted: 12/07/2008
This is an attempt to list some information in the event that it may help.
I recently ran into an issue with my PC where my monitor would lose signal (no signal) and present me with a blank/black screen.
This happened at the "welcome" screen of the normal windows start up process.
When the monitor had lost signal, I noticed that if I turned my monitor off and then on, the picture would be displayed as normal, but at a very low resolution 1024x768 or 800x600.
The next thing I noticed after logging in was that the monitor was set to "Generic Non PnP Monitor" (not sure if that causes any issues).
I was also not able to select any resolution above 1024x768. Booting in safe mode didn't seem to have the same issue, and the default window drivers also didn't have the same issue (in fact I could actually change the resolution above 1024x768!!!).
After uninstalling/re-installing various drivers for the Nvidia 9800 GTX (using Driver Cleaner Pro to force a clean installation, and drivers 175.16, 175.19, etc...), I noticed that the nvidia control panel in the "Manage custom resolutions" settings had the "Treat as HDTV" option enabled.
This seemed very odd and my guess is the drivers are detecting my monitor as an actual tv.
My monitor is actually a Chimei 221D (actually a very nice LCD monitor).
Now I also tried various things to attempt to correct the detection (some web sites suggest resetting the EDID) but nothing seemed to help.
What did help was simply turning off my complete workstation at the wall socket and letting the complete system rest for 5 minutes and turning everything back on!!! The next time I booted, all was back to normal. Resolution was correct, options in the nvidia control panel were as they should be and I was happy!
I've been told you guys in other parts of the world don't have wall socket switches, so I suggest unplugging the devices from the wall. Especially ensure you unplug your monitor and PC (just to be clear here)... The really sad thing here is that I experienced the exact same issue with an ATI X1950 AGP card! But in that instance most people had put it down to the power supply (and I spent some $$$ trying to correct it). Although I have a suspicion that it is the same issue and can recall doing a complete power off also!!!
Top Gear Map
Posted: 11/06/2008
I've been playing GRID lately and although it is a great game (the visuals have to be seen to be believed) sometimes it seems the AI cars have a little more grip than I do! I mean when traveling the same speed, same make/model car, following the same race line and I fly off into the barrier... it seems something's up Jim!
Here are two vids of the game... vid 1 and vid 2.
Free stuff
Posted: 27/05/2008
After re-installing my operating system (new PC, not the usual reasons ...), I have been looking for a "nice" decompressing tool and a "nice" notepad replacement.
Oh and when I mean "nice"; I want something that is free, small, and does its job well (is that too much to ask).
Let me introduce you to jZip and PSPad.
Oh and I have my blue badge.
Back baby
Posted: 07/05/2008
I'm back after having an awesome 12 day cruise around Fiji, New Caledonia and Vanuatu.
Of all the islands visited, Vanuatu was easily the best, from the crystal clear water to the friendly inhabitants!
Obviously I have a heap of photos, but I can't really be ass'd putting them up here.
Oh and it seems I re-discovered facebook ... and you know there is no way I'm going to have time to manage both!
Cruisin
Posted: 16/04/2008
Well, finally some interesting news. I have finally received my contract from Microsoft!
What does that mean?
Well that means I'm going to start working there in the next couple of weeks.
Should be interesting... (I seem to be saying that a lot lately).
Published
Posted: 10/04/2008
In my brief stint in the anti-virus research area, one of my research tasks has actually been published! Link to article: Win32/SillyAutorun.D
It's nothing really nasty or difficult, but interesting all the same.
Please reboot to complete the update process...
Posted: 09/04/2008
Well it seems I have finally updated the web page. Not sure I like it yet...
Although I'm not going to try and fool anybody, it probably won't get any better!
Oh and the previous items are from a web blog I was maintaining at work.
There is lots of interesting stuff, that I really don't want to lose.
My intentions are to keep this site updated with various things I come across during my hours of "play". It should be interesting...
Tschüs
Fuzzing
Posted: 31/03/2008
Fuzz testing or fuzzing is a software testing technique that provides random data ("fuzz") to the inputs of a program. If the program fails (for example, by crashing, or by failing built-in code assertions), the defects can be noted.
Fuzz testing is often used in large software development projects that perform black box testing. These usually have a budget to develop test tools, and fuzz testing is one of the techniques which offers a high benefit to cost ratio.
However, fuzz testing is not a substitute for exhaustive testing or formal methods: it can only provide a random sample of the system's behavior, and in many cases passing a fuzz test may only demonstrate that a piece of software handles exceptions without crashing, rather than behaving correctly. Thus, fuzz testing can only be regarded as a bug-finding tool rather than an assurance of quality.
Push and Shove
Posted: 31/03/2008
PUSH + RET = JMP
Jump
Posted: 31/03/2008
Jump table starts with: FF 25
Finding VB OEP
Posted: 31/03/2008
Search for "VB5!", note address.
Address of string is pushed onto the stack.
ThunRTMain is called
PUSH XXXX - XXXX = address of VB5!
CALL XXXX - XXXX = address of MSVBVM60.ThunRTMain
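The search described in these notes, as an added example (not code from the original post): locate the "VB5!" string, then look for the PUSH of its address followed by a CALL that lands on an FF 25 jump thunk. The function names, the flat image layout (offset equals RVA) and the sample bytes are assumptions constructed for the illustration.

```python
import struct

def find_vb_oep(image: bytes, image_base: int):
    """Return the VA of the PUSH/CALL pair that starts a VB5/6 program, or None.

    Assumption: `image` is laid out as mapped in memory (offset == RVA).
    """
    sig = image.find(b"VB5!")
    if sig < 0:
        return None
    push = b"\x68" + struct.pack("<I", image_base + sig)  # PUSH <address of VB5!>
    pos = image.find(push)
    while pos >= 0:
        call = pos + 5
        if call + 5 <= len(image) and image[call] == 0xE8:  # CALL rel32
            (rel,) = struct.unpack_from("<i", image, call + 1)
            target = call + 5 + rel  # rel32 is relative to the next instruction
            # The call should land on the import thunk: JMP DWORD PTR [iat] = FF 25
            if target >= 0 and image[target:target + 2] == b"\xFF\x25":
                return image_base + pos
        pos = image.find(push, pos + 1)
    return None

def build_sample(image_base: int = 0x400000) -> bytes:
    """Constructed 512-byte image: decoy PUSH, thunk, real PUSH/CALL, header string."""
    img = bytearray(0x200)
    sig_va = struct.pack("<I", image_base + 0x180)
    img[0x180:0x184] = b"VB5!"
    img[0x40:0x46] = b"\x68" + sig_va + b"\x90"  # decoy: PUSH with no CALL after it
    img[0x100:0x106] = b"\xFF\x25" + struct.pack("<I", image_base + 0x1F0)  # thunk
    img[0x106:0x10B] = b"\x68" + sig_va  # PUSH <VB5!>
    img[0x10B:0x110] = b"\xE8" + struct.pack("<i", 0x100 - 0x110)  # CALL thunk
    return bytes(img)

if __name__ == "__main__":
    print(hex(find_vb_oep(build_sample(), 0x400000)))
```

On a real file the section table has to be used to convert file offsets to RVAs before the comparison; the flat layout here skips that step.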
Developmestruction
Posted: 31/03/2008
I found a new word today: developmestruction
A development / test / production environment.
Syntactic Sugar
Posted: 31/03/2008
Meaning something that, like sweets, isn't necessary, but tastes good.
Parameter vs Argument
Posted: 31/03/2008
Parameter comes from term "formal parameter" (subroutine parameter).
Argument comes from term "actual argument" (argument value).
void func(int n, char * pc) {} //n and pc are parameters
template <typename T>
class A {}; //T is a parameter
int main()
{
    char c;
    char *p = &c;
    func(5, p); //5 and p are arguments
    A<long> a; //'long' is an argument
    A<char> another_a; //'char' is an argument
    return 0;
}
To fault or not to fault
Posted: 31/03/2008
Error: An error is something that you do wrong.
Fault: A fault is the consequence of an error.
Failure: A fault may cause a failure. It may not.
Bug: The term bug is a colloquialism, often used as a synonym for fault.
Many fragments. Some large, some small...
Posted: 31/03/2008
Unit Test: The testing of atomic units: each class or function.
Component Test: Validates the combination of one or more units into a full component (often this is what people mean by unit test).
Integration Test: Tests the combination of components as they are brought together in the system, ensuring that they interconnect properly.
Regression Test: This is retesting after fixes or modifications are made to the software or to its environment.
Load Test: Tests to ensure that your code can handle the expected volume of data being thrown at it.
Stress Test: Tests that throw a huge amount of data at the code within a short space of time to see what it does.
Soak Test: The focus is on running at a high load for a prolonged period of time—several days, weeks, or even months—to identify any performance problems that appear after a large number of operations have been executed.
Usability Test: Ensures that your software can be used easily by a short sighted gerbil.
Black vs White
Posted: 31/03/2008
Black Box Test: Tests compare actual functionality against intended functionality (functional testing).
White Box Test: It is a code-coverage–based approach. Each line of code is scrutinized systematically to ensure correctness (structural testing).
Malfunction. Need input
Posted: 31/03/2008
Good input, Bad input, Boundary values, Random data and Zero.
Bugzilla Guidelines
Posted: 31/03/2008
Be precise.
Be clear - explain it so others can reproduce the bug.
One bug per report.
No bug is too trivial to report - small bugs may hide big bugs.
Clearly separate fact from speculation.
Bugzilla Preliminaries
Posted: 31/03/2008
Reproduce your bug using a recent build of the software, to see whether it has already been fixed.
Search Bugzilla, to see whether your bug has already been reported.
Heap
Posted: 31/03/2008
NoMansLand (0xFD) - The "NoMansLand" buffers on either side of the memory used by an application are currently filled with 0xFD.
Freed blocks (0xDD) - The freed blocks kept unused in the debug heap's linked list when the _CRTDBG_DELAY_FREE_MEM_DF flag is set are currently filled with 0xDD.
New objects (0xCD) - New objects are filled with 0xCD when they are allocated.
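How these fill values get used when reading a dump, as an added example (not code from the original post): check the guard bytes around a block and name the pattern behind a faulting pointer value. The 4-byte guard width, the function names and the sample dumps are assumptions constructed for the illustration.

```python
NO_MANS_LAND, FREED, FRESH = 0xFD, 0xDD, 0xCD
GUARD = 4  # guard width in bytes: an assumption, the notes above do not give it

def triage_block(dump: bytes, user_size: int) -> dict:
    """Inspect a dumped block laid out as guard | user data | guard."""
    if len(dump) != user_size + 2 * GUARD:
        raise ValueError("dump is not guard + user data + guard")
    front = dump[:GUARD]
    data = dump[GUARD:GUARD + user_size]
    back = dump[GUARD + user_size:]
    report = {
        # Any non-0xFD byte before the data means a write below the block.
        "underrun": any(b != NO_MANS_LAND for b in front),
        # Offset (from the start of the data) of the first damaged trailing guard byte.
        "overrun_at": next((user_size + i for i, b in enumerate(back)
                            if b != NO_MANS_LAND), None),
        "state": "in use",
    }
    if data and set(data) == {FREED}:
        report["state"] = "freed"
    elif data and set(data) == {FRESH}:
        report["state"] = "never written"
    return report

def classify_pointer(value: int) -> str:
    """Name the fill pattern a faulting 32-bit pointer value was read from."""
    for fill, meaning in ((FRESH, "read from uninitialised heap memory"),
                          (FREED, "read from a freed block (use after free)"),
                          (NO_MANS_LAND, "read from a guard region (out of bounds)")):
        if value == int.from_bytes(bytes([fill]) * 4, "little"):
            return meaning
    return "no debug-heap pattern"

# Constructed samples: an 8-byte buffer that received a 10-byte copy, and a freed block.
OVERRUN = bytes([0xFD] * 4) + b"A" * 10 + bytes([0xFD] * 2)
FREED_BLOCK = bytes([0xFD] * 4 + [0xDD] * 8 + [0xFD] * 4)

if __name__ == "__main__":
    print(triage_block(OVERRUN, 8))
    print(triage_block(FREED_BLOCK, 8))
    print(classify_pointer(0xDDDDDDDD))
```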
The 10% of people who know the least, make 90% of the noise...
Posted: 31/03/2008
Enough said...
Never-ending Quantum
Posted: 31/03/2008
In NT, as with most time-sharing operating systems, threads run in turns called quantums. Normally, a thread executes until its quantum runs out. The next time it is scheduled it starts with a full quantum. However, in NT a thread also gets its quantum refreshed every time its thread or process priority is set. This means that a thread can reset its quantum by calling SetThreadPriority (without changing its priority) before its turn runs out. If it continues to do this it will effectively have an infinite quantum. Why does NT do this? It's not clear, but it appears to be a bug.
From MSDN article: Systems Internals Tips and Trivia
The Jedi Way
Posted: 31/03/2008
I usually create a small unit test app when I'm trying to find out how things work.
Today I found that somebody has coined the term "The Jedi Way" or "Star Wars Consult" in the immortal words of Obi-Wan Kenobi - "Use the source Luke!"
Threats - STRIDE
Posted: 31/03/2008
Spoofing - When an attacker pretends to be someone they're not. Use authentication.
Tampering - When the attacker modifies data in transit. Use digital signatures and message authentication codes.
Repudiation - When an attacker can perform a task you can not verify. Use secure logs and audit records.
Information disclosure - When an attacker can access data that they should not have access to. Use encryption and ACLs.
Denial of service - When an attacker can degrade or deny service to users. Use ACLs, firewall filter rules, disk and processor quotas, design patterns that allow high availability.
Elevation of privilege - When an attacker has the ability to gain privileges that they'd not normally have. Use ACLs and other forms of permission checks and input validation.
From Larry Osterman's weblog.
Threat Model - Elements
Posted: 31/03/2008
External Entities: Spoofing, Repudiation. (Since an external entity could be anything, including the human being interacting with the component, Tampering, Information Disclosure, Denial of Service and Elevation of Privilege threats don't really make sense.) On the other hand, you can absolutely spoof a human being, and human beings can repudiate operations.
Processes: Processes are subject to all of the STRIDE threats (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege).
Data Stores: Tampering, Information Disclosure, Denial of Service (as I mentioned above, EoP etc don't really apply to static stores), and repudiation.
Data Flows: Tampering, Information Disclosure, Denial of Service.
From Larry Osterman's weblog.
Dll's the real story
Posted: 31/03/2008
This is another example of how a relatively small change to an application (removing a dependency on shlwapi32.dll) can have significant benefits to the application - as I've mentioned in previous posts, each DLL you load consumes 4 private pages and takes between 500 thousand and a million cycles to load. If you can remove that dependency, your application will thus load faster.
From Larry Osterman's weblog.
Malware Vmware Detection
Posted: 31/03/2008
Malware routines check where the IDT (Interrupt Descriptor Table) is located in memory, that is, at which memory address.
Normally, a Windows-based PC locates the IDT at address 0x80xxxxxx, but emulated machines locate it in different memory address spaces. VMware, for example, locates the IDT at a 0xffxxxxxx address, whilst VirtualPC locates it at a 0xe8xxxxxx address. So, the routine checks if the IDT memory address is greater than 0xDxxxxxxx. If so, then the DLL is running on an emulated machine and stops its infection payload.
From Marco Giuliani: The strange case of Dr.Rootkit and Mr.Adware
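A static check an analyst can run for this behaviour, as an added example (not code from the original post or the quoted article): flag byte sequences that decode as SIDT, the x86 instruction that stores the IDT base, and evaluate the quoted threshold against the IDT base of an analysis VM. The function names and sample bytes are constructed; reading "greater than 0xDxxxxxxx" as a top-nibble comparison is an assumption.

```python
def find_sidt(code: bytes) -> list:
    """Offsets of byte sequences that decode as SIDT m (0F 01 /1, memory operand).

    Heuristic only: this is a raw byte scan, not a disassembly, so data bytes
    can match and every hit needs confirming in a disassembler.
    """
    hits = []
    pos = code.find(b"\x0f\x01")
    while pos >= 0 and pos + 2 < len(code):
        modrm = code[pos + 2]
        mod, reg = modrm >> 6, (modrm >> 3) & 7
        # reg selects the instruction in the 0F 01 group: /0 SGDT, /1 SIDT.
        # mod == 3 is a register form, which SIDT does not have.
        if reg == 1 and mod != 3:
            hits.append(pos)
        pos = code.find(b"\x0f\x01", pos + 1)
    return hits

def heuristic_says_vm(idt_base: int) -> bool:
    """Apply the quoted check: IDT base above the 0xDxxxxxxx range means 'emulated'."""
    return (idt_base >> 28) > 0xD

# Constructed sample: NOP, SGDT [esp-2] (must be ignored), SIDT [esp-2], NOP.
SAMPLE = b"\x90" + b"\x0f\x01\x44\x24\xfe" + b"\x0f\x01\x4c\x24\xfe" + b"\x90"

if __name__ == "__main__":
    print(find_sidt(SAMPLE))
    for base in (0x8003F400, 0xFFC18000, 0xE8000000):  # constructed example values
        print(hex(base), heuristic_says_vm(base))
```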
Lessons Learned Building More Secure Software
Posted: 31/03/2008
It's Not Just the Code
Fix Old Code First
Deprecate! Eliminate! Eradicate!
Tools Are Critical - to a Point
Automate!
You'll Never Reach Zero Security Vulnerabilities
Security Is a Never-Ending Battle
There Is No Security Silver Bullet
The "Many Eyeballs" Mantra Is Right!
Today's Denial of Service Is Tomorrow's Exploit
ANT Config
The ant.bat script makes use of three environment variables - ANT_HOME, CLASSPATH and JAVA_HOME. Ensure that if these variables are set, they do not have quotes (either ' or ") and they do not end with \ or with /.