The document discusses challenges in reversing object-oriented C++ code and malware. It presents approaches used by the HexRaysCodeXplorer plugin for IDA to assist with reconstructing object types and navigating virtual methods in decompiled code. The plugin allows partially reconstructing object types from initialization routines and traversing related virtual methods. It has features for position independent code and supports IDA x64.
HexRaysCodeXplorer: make object-oriented RE easier – Alex Matrosov
HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:
- Automatic type REconstruction for C++ objects.
- C-tree graph visualization – a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer – useful interface for navigation through virtual tables (VTBL) structures.
In this presentation the authors of HexRaysCodeXplorer will be discussing the main functionality of the plugin and its application to reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also, a special version of HexRaysCodeXplorer (ZeroNights edition) will be released with new features developed specially for the ZeroNights conference. New features will be committed to GitHub from the stage.
HexRaysCodeXplorer: object oriented RE for fun and profit – Alex Matrosov
HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:
- Automatic type REconstruction for C++ objects.
- C-tree graph visualization - a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer - useful interface for navigation through virtual tables (VTBL) structures.
In this presentation, the authors of HexRaysCodeXplorer will be discussing the main functionality of the plugin and its application to reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also, a special version of HexRaysCodeXplorer (H2HC edition) will be released with new features developed specially for the H2HC conference. New features will be committed to GitHub from the stage.
When you are about to delete an object, how do you know that it is not being used in another thread?
How can you tell if the object is still alive before you try to call its member function? Is it being destructed in another thread?
An introduction to Rust: the modern programming language to develop safe and ... – Claudio Capobianco
Rust is a young programming language developed by Mozilla with the support of the open source community. According to a StackOverflow survey, in 2016 it was the most loved language among developers! The goal of Rust is to combine control and performance, that is, to operate at a low level with high-level constructs. Its actual applications vary from operating systems to web development. Rust natively includes tools for Agile development, such as dependency management, testing and much more. The gap with other popular languages is filling up quickly thanks to the community, which is very active and fantastic :)
In this introductory presentation we will discuss the characteristics that make Rust unique, including the concepts of Ownership, Borrowing, and Lifetimes.
These slides were presented at a talk in BIC Lazio Casilina, which was also the first meetup of Rust Rome!
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by... – CODE BLUE
In this talk, we are going to disclose two unconventional use-after-free kernel bugs on Android we found last year, and introduce the new techniques we used to make these exploits 100% reliable.
The first bug is CVE-2017-0403, which we used to gain root privilege on almost all devices shipped with a 3.10 or earlier Linux kernel last year. So far more than 14 million users have successfully rooted their smartphones with this exploit. With this vulnerability, an attacker can only overwrite the freed object at a fixed offset with a pointer to the object itself. How to achieve kernel code execution with this bug can be very challenging. To solve the problem, we propose a new method which uses iovec to re-fill the freed object and compromises the pipe subsystem in the kernel. In this way we can convert this unusual memory corruption into arbitrary kernel memory overwriting.
The second bug is CVE-2016-6787. The bug is a UAF due to a race condition; it may corrupt a critical kernel structure and lead to a kernel crash when the scheduler switches context back to the attacker's process. So we'll introduce a way to freeze the attacker's process soon after the UAF has happened, stop the kernel from crashing, and make the exploit reliable.
In summary, this presentation gives out the new techniques for exploiting use-after-free bugs we just found in the Android kernel. The ideas of exploitation are fresh, and the details of the bugs have also never been discussed before.
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019) – Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
From Zero To Production (NixOS, Erlang) @ Erlang Factory SF 2016 – Susan Potter
This talk will introduce the audience to the Nix packaging, NixOS, and related ecosystem tools for Erlang/Elixir developers.
By reviewing common development, testing, and deployment problems we will look at what Nix has to offer to aid Erlang/Elixir developers in these areas.
From seamless developer environment bootstrapping to consistent CI environments and beyond.
Festi botnet analysis and investigation – Alex Matrosov
The botnet Festi has been in business since the autumn of 2009 and is currently one of the most powerful and active botnets for sending spam and performing DDoS attacks. Festi is an interesting and untypical malware family implementing rootkit functionality with strong protection against reverse engineering and forensic analysis. It is capable of bypassing sandboxes and automated trackers using some advanced techniques such as inserting timestamps in its communication protocol, detecting virtual machines, and subverting personal firewalls and HIPS systems.
The bot consists of two parts: the dropper, and the main module, the kernel-mode driver, which is detected by ESET as Win32/Rootkit.Festi. The malware's kernel-mode driver implements backdoor functionality and is capable of:
- Updating configuration data from the C&C (command and control server);
- Downloading additional dedicated plugins.
In our presentation we will concentrate on the latest Festi botnet update from June 2012 and offer comprehensive information gleaned from our investigations, furnishing details on the developers of the botnet and reverse engineering of the bot's main components – the kernel-mode driver and the plugins (DDoS, Spam). The presentation starts with a description of our investigation and an account of how the Festi botnet evolved over time. We will present a binary analysis of the kernel-mode driver and downloaded plugins – volatile kernel-mode modules which aren't saved on any storage device in the system, but only in memory, making forensic analysis of the malware significantly more difficult. The presentation also covers such aspects of Festi as its ability to bypass personal firewalls and HIPS systems that may be installed on the infected machine. We will give details of the Festi network communication protocol architecture, based on using the TCP/IP stack implementation in the Microsoft Windows operating system to communicate with C&C servers, send spam and perform DDoS attacks. And finally, we will describe several self-protective features and techniques of the botnet communication protocol used to bypass sandboxes and trackers.
Defeating x64: The Evolution of the TDL Rootkit – Alex Matrosov
In this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; the recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
Carberp Evolution and BlackHole: Investigation Beyond the Event Horizon – Alex Matrosov
In this presentation we will be discussing the evolution of remote banking system (RBS) attacks in Russia. The year 2011 could be described as a year of tremendous growth of attacks on Russian bank clients. In this year alone the quantity of incidents relating to RBS has doubled. The profits available to the malefactors are almost beyond imagining; one controller of a bank botnet could bring millions in profit to its herder. We will concentrate on these issues with specific reference to examples of incidents associated with the largest cybercriminal group in Russia, employing one of the most dangerous malware families to date, Win32/Carberp: our statistics indicate, among other things, that in November Carberp detections increased up to four times in the Russian region. We will also look at the ways in which this group is cooperating with the developers of the Hodprot, RDPdoor and Sheldor trojans. The presentation starts with a description of the propagation techniques used to deliver Carberp to its victims' machines from a large number of legitimate web sites, using the BlackHole exploit kit. Different types of attacks used to target the clients of major Russian banks are also considered. Then we will move on to an in-depth analysis of Carberp's features and its evolution over time (webinjects, targeted attacks on RBS, bypassing detection with bootkit technology). Particular attention will be devoted to the bootkit component and the related capabilities which have appeared in the most recent modification of the malware. Finally, we will show the way that the server-side C&C code works and how the client's money is stolen with a set of dedicated plugins.
Smartcard vulnerabilities in modern banking malware – Alex Matrosov
The past few years have seen a rapid growth of threats targeting the Russian RBS system (Shiz, Carberp, Hodprot, RDPdoor, Sheldor). Attackers can steal huge amounts of money, estimated at tens of millions monthly. The speaker will describe the study of the most common banking malware, as well as the discovery of interesting vulnerabilities in the use of two-factor authentication and smart cards. The report also discusses techniques and tricks that are used by hackers to conduct anti-forensics.
Defeating x64: Modern Trends of Kernel-Mode Rootkits – Alex Matrosov
64-bit versions of Microsoft Windows were considered resistant to kernel-mode rootkits because of the integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms implemented. This presentation focuses on x64 architecture security issues, specifically the kernel-mode code signing policy and the techniques used by modern malware to bypass it. We analyze the techniques used by modern in-the-wild rootkits to penetrate the kernel-mode address space:
- Win64/Olmarik (TDL4)
- Win64/TrojanDownloader.Necurs (rootkit dropper)
- NSIS/TrojanClicker.Agent.BJ (rootkit dropper)
Special attention is given to the bootkit Win64/Olmarik (TDL4), the most prominent example of a kernel-mode rootkit aimed at 64-bit Windows systems. We detail the notable features of TDL4 over its predecessor (TDL3/TDL3+): the development of the user-mode components and kernel-mode rootkit, the techniques used to bypass HIPS, the hidden file system, and the bootkit functionality. Finally, we describe possible approaches to disinfecting an infected computer and present a free forensics tool for dumping the hidden TDL file system.
Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish persistent and stealthy presence in their victims' systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which restrict the loading of unsigned kernel-mode drivers. However, these bootkits aren't effective against UEFI-based platforms. So, are UEFI-based machines immune against bootkit threats (or would they be)?
The aim of this presentation is to show how bootkit threats have evolved over time and what we should expect in the near future. Firstly, we will summarize what we've learned about the bootkits seen in the wild targeting the Microsoft Windows platform: from TDL4 and Rovnix (which was used by the Carberp banking trojan) up to Gapz (which employs one of the stealthiest bootkit infection techniques seen so far). We will review their infection approaches and the methods they have employed to evade detection and removal from the system.
Secondly, we will look at the security of the increasingly popular UEFI platform from the point of view of the bootkit author, as UEFI is becoming a target of choice for researchers in offensive security, and proof-of-concept bootkits targeting Windows 8 OS using UEFI have already been released. We will focus on various attack vectors against UEFI and discuss available tools and what measures should be taken to mitigate against them.
Win32/Flamer: Reverse Engineering and Framework Reconstruction – Alex Matrosov
In this talk one won't see any speculation on state-sponsored cyber-espionage or conspiracy theories on cyber weapon development. In the presentation the authors will concentrate on different approaches to the analysis of malware based on an object-oriented architecture, with respect to one of the most complex threats the AV industry has ever known: Win32/Flamer. The authors will present methods of malware analysis developed in the course of researching such threats as Stuxnet, Duqu and Festi. The talk will shed light on the problems researchers face during the investigation of complex threats and the ways to deal with them using tools by Hex-Rays. The authors will also present the results of research on reconstructing the framework which was used to build Win32/Flamer and will show its similarity with Stuxnet/Duqu/Gauss with respect to code and architecture.
Cybercrime in Russia: Trends and Issues – Alex Matrosov
This report focuses on the development of Russian cybercrime. Firstly, it summarizes the economic and geopolitical factors that underlie computer crime, and which must be taken into consideration by researchers seeking to predict upcoming developments in cybercrime and cybercrime targeting. It goes on to look at the other ways in which Russian presence in the criminal cybersphere can be tracked, considering the technical approaches used by hackers in the region, how they link with economic and geographic factors, as well as with the part played by law enforcement in the investigation of international computer crimes.
The presentation will cover the following topics:
1. How cybercrime is interlinked with economic and geographical factors in Russia. The implications of the banking and instant payment systems of the Russian Federation.
2. Law Enforcement. The laws that currently obtain in the area of Russian computer crime: Legal evasions and loopholes.
3. Technical trends. The use of botnets to steal money from the Internet banking system for corporate clients: Technological and statistical analysis of the malware families involved, the organizational structures of the perpetrators, and the calculation of damages.
4. Successfully prosecuted cases in 2010. Complex investigation: spam affiliates, the WinLock case and others.
5. How DDoS attacks and botnet operations in Russian networks were tracked in co-operation with the Russian honeynet Project.
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It – Nikhil Mittal
The talk I gave at Black Hat USA 2016 on Anti Malware Scan Interface. The talk looks at what good AMSI brings to Windows 10 and various methods of avoiding/bypassing it.
4Developers 2018: How much do you (not) know about structs in .NET (Łukasz Pyrzyk) – PROIDEA
When did you last create a new struct while writing a .NET application? Do you know what structs are for and how they can improve the performance of your program? In this presentation I will show what characterizes structs, how much they differ from classes, and talk about a few interesting experiments.
OSCON 2014 - API Ecosystem with Scala, Scalatra, and Swagger at Netflix – Manish Pandit
In this talk I’d like to introduce the Scala-based API stack at Partner Innovation Group at Netflix. After seeing a massive growth in the business model and the device ecosystem, we needed a system that could scale and be flexible at the same time. Scala provided the answer and we started with a basic set of APIs which, since then, has evolved towards complex but flexible business flows. Supporting metadata for over hundreds of brands and thousands of devices, the API development has followed a well thought-out, test-driven approach, git-flow, and what most API developers dread – documentation. I will talk about the architecture of the RESTful APIs, and the development + deployment process. We use Netflix-OSS components heavily in the architecture and cloud deployment, so I will cover them as well.
Swagger is what we used for type-safe documentation, which is really easy to use and integrate. I will briefly talk about customizations we’ve done to Swagger in order to make it far more usable at Netflix.
Throughout this effort there were lessons to be learnt, and plenty of best practices and recommendations for anyone starting out to build RESTful APIs, regardless of the platform or stack of choice. It’d be a great opportunity for me to walk through the architecture, and talk about the various components, technologies, and practices that are seeing increasing adoption in the modern, API driven landscape.
QA Lab: software testing. Stanislav Shmidt: "Self-testing REST APIs with API Fi... – GeeksLab Odessa
5.12.15 QA Lab: software testing.
Upcoming events: goo.gl/I2gJ4H
A talk about Play-Swagger, an open source project developed at Zalando using Scala and the Play Framework. On how using API First and Swagger speeds up the development process, simplifies collaboration between teams and improves product quality.
Domain-Specific Languages for Composable Editor Plugins (LDTA 2009) – lennartkats
Modern IDEs increase developer productivity by incorporating many different kinds of editor services. These can be purely syntactic, such as syntax highlighting, code folding, and an outline for navigation; or they can be based on the language semantics, such as in-line type error reporting and resolving identifier declarations. Building all these services from scratch requires both the extensive knowledge of the sometimes complicated and highly interdependent APIs and extension mechanisms of an IDE framework, and an in-depth understanding of the structure and semantics of the targeted language. This paper describes Spoofax/IMP, a meta-tooling suite that provides high-level domain-specific languages for describing editor services, relieving editor developers from much of the framework-specific programming. Editor services are defined as composable modules of rules coupled to a modular SDF grammar. The composability provided by the SGLR parser and the declaratively defined services allows embedded languages and language extensions to be easily formulated as additional rules extending an existing language definition. The service definitions are used to generate Eclipse editor plugins. We discuss two examples: an editor plugin for WebDSL, a domain-specific language for web applications, and the embedding of WebDSL in Stratego, used for expressing the (static) semantic rules of WebDSL.
Applying Compiler Techniques to Iterate At Blazing Speed – Pascal-Louis Perez
In this session, we will present real life applications of compiler techniques helping kaChing achieve ultra confidence and power its incredible 5 minute commit-to-production cycle [1]. We'll talk about idempotency analysis [2], dependency detection, on the fly optimisations, automatic memoization [3], type unification [4] and more! This talk is not suitable for the faint-hearted... If you want to dive deep, learn about advanced JVM topics, devour bytecode and see first hand applications of theoretical computer science, join us.
[1] http://eng.kaching.com/2010/05/deployment-infrastructure-for.html
[2] http://en.wikipedia.org/wiki/Idempotence
[3] http://en.wikipedia.org/wiki/Memoization
[4] http://eng.kaching.com/2009/10/unifying-type-parameters-in-java.html
Python: Object oriented programming – RTS Tech, Indore
This is a presentation to take your skills to the next level. We hope you will like our work to make programming easier for you.
Feel free to contact for the online/offline batches.
NET Systems Programming Learned the Hard Way.pptx – petabridge
What is a thread quantum and why is it different on Windows Desktop and Windows Server? What's the difference between a blocking call and a blocking flow? Why did our remoting benchmarks suddenly drop when we moved to .NET 6? When should I try to write lock-free code? What does the `volatile` keyword mean?
Welcome to the types of questions my team and I are asked, or ask ourselves, on a regular basis - we're the makers of Akka.NET, a high performance distributed actor system library and these are the sorts of low-level questions we need to answer in order to build great experiences for our own users.
In this talk we're going to learn about .NET systems programming, the low level components we hope we can take for granted, but sometimes can't. In particular:
- The `ThreadPool` and how work queues operate in practice;
- Synchronization mechanisms - including `lock`-less ones;
- Memory management, `Span<T>`, and garbage collection;
- `await`, `Task`, and the synchronization contexts; and
- Crossing user-code and system boundaries in areas such as sockets.
This talk will help .NET developers understand why their code works the way it does and what to do in scenarios that demand high performance.
Things I have learned over the years through experience of having to deliver code rapidly, with few defects and maximum functionality. I cover basic coding techniques, automated testing and sometimes I have enough time to review tools and code generation!
Similar to Object Oriented Code RE with HexraysCodeXplorer (20)
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfKamal Acharya
The College Bus Management system is completely developed by Visual Basic .NET Version. The application is connect with most secured database language MS SQL Server. The application is develop by using best combination of front-end and back-end languages. The application is totally design like flat user interface. This flat user interface is more attractive user interface in 2017. The application is gives more important to the system functionality. The application is to manage the student’s details, driver’s details, bus details, bus route details, bus fees details and more. The application has only one unit for admin. The admin can manage the entire application. The admin can login into the application by using username and password of the admin. The application is develop for big and small colleges. It is more user friendly for non-computer person. Even they can easily learn how to manage the application within hours. The application is more secure by the admin. The system will give an effective output for the VB.Net and SQL Server given as input to the system. The compiled java program given as input to the system, after scanning the program will generate different reports. The application generates the report for users. The admin can view and download the report of the data. The application deliver the excel format reports. Because, excel formatted reports is very easy to understand the income and expense of the college bus. This application is mainly develop for windows operating system users. In 2017, 73% of people enterprises are using windows operating system. So the application will easily install for all the windows operating system users. The application-developed size is very low. The application consumes very low space in disk. Therefore, the user can allocate very minimum local disk space for this application.
4. Why is reversing C++ code a hard problem?
Virtual Methods & Templates
5. Virtual Methods
Non-virtual method, resolved at compile time (direct call):
    #include <tchar.h>
    class Cat {
    private:
        int _weight;
    public:
        Cat(int weight) : _weight(weight) {}
        int eat(int food) {
            return _weight += food;
        }
    };
    int _tmain(int argc, _TCHAR* argv[])
    {
        Cat* cat = new Cat(130);
        int newWeight = cat->eat(20);
        return 0;
    }
vs
Virtual method, resolved at run time through the object's vftable (indirect call):
    #include <tchar.h>
    class Animal {
    protected:
        int _weight;
    public:
        Animal(int weight) : _weight(weight) {}
        virtual int eat(int food) = 0;
    };
    class Cat : public Animal {   // public inheritance, so a Cat* converts to an Animal*
    public:
        Cat(int weight) : Animal(weight) {}
        virtual int eat(int food) {
            return _weight += food;
        }
    };
    int _tmain(int argc, _TCHAR* argv[])
    {
        Animal* cat = new Cat(130);
        int newWeight = cat->eat(20);
        return 0;
    }
7. Virtual Function Tables
[Diagram: object layout of Class A: vfPtr, attr_1, attr_2. vfPtr points to A::vfTable, whose slots are A::a1(), A::a2(), A::a3(). A::vfTable is associated with an RTTI Object Locator (referenced from the slot just before the table in the MSVC layout) holding the fields signature, pTypeDescriptor, pClassDescriptor and meta.]
9. Virtual Function Tables
* lead to indirect method calls
-- difficult to analyze statically
* initialized in constructors
-- need to track back object creation
10. C++ Templates
* extra code to analyze
-- another way to create polymorphic types
* problematic to recognize standard library code (FLIRT)
-- playing with compiler optimization options
Each instantiation is separate code to analyze: std::vector<int>, std::vector<char>, std::vector<std::string>, std::vector<custom_type>
11. C++ Code Reconstruction Problems
* Object identification
-- type reconstruction
* Class layout reconstruction
-- Identify constructors/destructors
-- Identify class members
-- Local/global type reconstruction
-- Associate object with exact method calls
* RTTI reconstruction
-- vftable reconstruction
-- Associate vftable object with exact object
-- class hierarchy reconstruction
18. Data Types Being Used: Vectors
    struct VECTOR
    {
        void *vTable;        // pointer to the virtual table
        int   NumberOfItems; // number of elements currently stored
        int   MaxSize;       // maximum number of elements the buffer can hold
        void *vector;        // pointer to buffer with elements
    };
* Used for handling objects:
-- tasks
-- triggers
19. Data Types Being Used: Strings
    struct USTRING_STRUCT
    {
        void    *vTable;        // pointer to the virtual table
        int      RefNo;         // reference counter
        int      Initialized;
        wchar_t *UnicodeBuffer; // pointer to unicode string
        char    *AsciiBuffer;   // pointer to ASCII string
        int      AsciiLength;   // length of the ASCII string
        int      Reserved;
        int      Length;        // length of unicode string
        int      LengthMax;     // size of UnicodeBuffer
    };
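The two layouts above, read back out of a constructed 32-bit little-endian memory image, as an added example that is not from the slides; the image contents, its base address, the element type of the vector and the bounds checks are assumptions:

```python
import struct

# Field order follows the two structs above; a 32-bit little-endian target is
# assumed, so every pointer is 4 bytes.
VECTOR_FMT, USTRING_FMT = '<IiiI', '<IiiIIiiii'

class Image:  # a flat memory image loaded at `base` (constructed for this example)
    def __init__(self, base, data):
        self.base, self.data = base, data
    def read(self, va, size):
        off = va - self.base
        if not 0 <= off <= len(self.data) - size:  # pointers are untrusted: bounds-check first
            raise ValueError(f'pointer {va:#x} points outside the image')
        return self.data[off:off + size]

def parse_ustring(img, va):
    vtbl, refno, init, ubuf, _abuf, _alen, _res, length, lmax = struct.unpack(
        USTRING_FMT, img.read(va, struct.calcsize(USTRING_FMT)))
    if not 0 <= length <= lmax:  # a corrupt or mis-typed object shows up here
        raise ValueError('Length exceeds LengthMax')
    text = img.read(ubuf, 2 * length).decode('utf-16-le') if init and ubuf else ''
    return {'vTable': vtbl, 'RefNo': refno, 'Length': length, 'LengthMax': lmax, 'text': text}

def parse_vector(img, va):
    vtbl, n, maxsize, buf = struct.unpack(VECTOR_FMT, img.read(va, struct.calcsize(VECTOR_FMT)))
    if not 0 <= n <= maxsize:
        raise ValueError('NumberOfItems exceeds MaxSize')
    items = struct.unpack(f'<{n}I', img.read(buf, 4 * n))  # buffer holds element pointers
    return {'vTable': vtbl, 'NumberOfItems': n, 'MaxSize': maxsize, 'items': list(items)}

def walk_vector(img, va):  # every element is assumed to point at a USTRING_STRUCT
    return [parse_ustring(img, p)['text'] for p in parse_vector(img, va)['items']]

# Constructed image: one VECTOR holding two USTRING_STRUCT objects, laid out back to back.
BASE = 0x400000
IMG = Image(BASE, b''.join([
    struct.pack(VECTOR_FMT, 0x401000, 2, 4, BASE + 0x10),                   # VECTOR at +0x00
    struct.pack('<4I', BASE + 0x20, BASE + 0x44, 0, 0),                     # element buffer at +0x10
    struct.pack(USTRING_FMT, 0x401100, 1, 1, BASE + 0x68, 0, 0, 0, 4, 8),  # USTRING at +0x20
    struct.pack(USTRING_FMT, 0x401100, 1, 1, BASE + 0x70, 0, 0, 0, 7, 8),  # USTRING at +0x44
    'task'.encode('utf-16-le'), 'trigger'.encode('utf-16-le')]))            # text at +0x68, +0x70
```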
39. HexRaysCodeXplorer since 2013
* CodeXplorer v1.0 released at REcon 2013
* First third-party plugin for the Hex-Rays Decompiler
* v1.0 supports IDA v6.4 and Decompiler for x86 v1.8
40. HexRaysCodeXplorer Features
* Hex-Rays decompiler plugin x86/x64
* The plugin was designed to facilitate static analysis of:
-- object oriented code
-- position independent code
* The plugin makes it possible to:
-- partially reconstruct object types
-- navigate through decompiled virtual methods
41. Hex-Rays Decompiler Plugin SDK
* At the heart of the decompiler lies the ctree structure:
-- syntax tree structure
-- consists of citem_t objects
-- there are 9 maturity levels of the ctree structure
42. Hex-Rays Decompiler Plugin SDK
* Type citem_t is a base class for:
-- cexpr_t – expression type
-- cinsn_t – statement type
* Expressions have attached type information
* Statements include:
-- block, if, for, while, do, switch, return, goto, asm
* Hex-Rays provides iterators for traversing the citem_t objects within the ctree structure:
-- ctree_visitor_t, ctree_parentee_t
[Diagram: class hierarchy with citem_t as the base of cexpr_t and cinsn_t]
49. HexRaysCodeXplorer: Object Type REconstruction
* The Hex-Rays ctree structure may be used to partially reconstruct an object type
* Input:
-- pointer to the object instance
-- object initialization routine entry point
* Output:
-- C structure-like object representation
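A simplified model of that reconstruction, serving the ctree/visitor description on slides 41-42 and the input/output on this slide, as an added example that is neither HexRaysCodeXplorer nor Hex-Rays SDK code: the expression nodes (op strings, x/y children), the FieldCollector visitor, the constructed constructor body and a 32-bit target are all assumptions; the idea is to walk the object initialization routine, collect every store through `this + offset`, and emit a C struct from the offsets and types seen:

```python
class Expr:  # stands in for cexpr_t: operator, attached C type, operands x/y, value
    def __init__(self, op, type='', x=None, y=None, value=None):
        self.op, self.type, self.x, self.y, self.value = op, type, x, y, value

def this_offset(e, this_name):  # N if e is `this`, `(T)this` or `(T)this + N`, else None
    while e.op == 'cast': e = e.x
    if e.op == 'var' and e.value == this_name: return 0
    if e.op == 'add' and e.y.op == 'num':
        base = this_offset(e.x, this_name)
        return None if base is None else base + e.y.value
    return None

class FieldCollector:  # stands in for a ctree_visitor_t subclass
    def __init__(self, this_name):
        self.this_name, self.fields = this_name, {}  # offset -> (C type, symbol stored or '')
    def visit_expr(self, e):  # match `*(T *)(this + off) = rhs`; the last store wins
        if e.op == 'asg' and e.x.op == 'ptr':
            off = this_offset(e.x.x, self.this_name)
            if off is not None:
                self.fields[off] = (e.x.type, e.y.value if e.y.op == 'obj' else '')
        return 0  # 0 = keep traversing, as in the SDK
    def apply_to(self, e):  # pre-order walk of one statement's expression tree
        if e is not None:
            self.visit_expr(e); self.apply_to(e.x); self.apply_to(e.y)

SIZEOF = {'void *': 4, 'int': 4, 'short': 2, 'char': 1}  # 32-bit target assumed

def reconstruct(ctor_body, name='Cat', this_name='this'):
    v = FieldCollector(this_name)
    for stmt in ctor_body: v.apply_to(stmt)
    lines, cursor = [f'struct {name} {{'], 0
    for off in sorted(v.fields):
        ctype, sym = v.fields[off]
        if off > cursor:  # bytes the constructor never wrote: emit a gap, not a guess
            lines.append(f'  char gap_{cursor:x}[{off - cursor}];')
        fname = 'vfptr' if off == 0 and sym else f'field_{off:x}'
        lines.append(f'  {ctype} {fname};' + (f'  // {sym}' if sym else ''))
        cursor = off + SIZEOF[ctype]
    return '\n'.join(lines + ['};'])

# constructed input: the decompiler's view of Cat::Cat(this, weight) from slide 5,
# with the Animal::Animal call inlined
THIS = Expr('var', 'Cat *', value='this')
def store(ctype, off, rhs):  # builds `*(ctype *)((char *)this + off) = rhs`
    addr = Expr('add', 'char *', Expr('cast', 'char *', THIS), Expr('num', 'int', value=off))
    return Expr('asg', ctype, Expr('ptr', ctype, Expr('cast', ctype + ' *', addr)), rhs)
CAT_CTOR = [store('void *', 0, Expr('obj', 'void *', value='Animal::vftable')),
            store('int', 4, Expr('var', 'int', value='weight')),
            store('void *', 4, Expr('var', 'int', value='weight')) if False else
            store('void *', 0, Expr('obj', 'void *', value='Cat::vftable'))]
```

`reconstruct(CAT_CTOR)` yields a two-field struct with the most-derived vftable at offset 0 and an int at offset 4; a store at a later offset with nothing written in between produces an explicit `gap_` array rather than an invented field.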
60. HexRaysCodeXplorer: Next plans
* Switch to IDAPython
* Further research & development:
-- find cross-references to object attributes
-- handling nested structures
-- code similarity based on data flow analysis
61. Thank you for your attention!
http://REhints.com
@Rehints
https://github.com/REhints/HexRaysCodeXplorer